Harness Engineering
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: openclaw-harness-engineering Version: 1.0.0 The skill bundle implements a structured 'Harness Engineering' workflow for AI-assisted coding, emphasizing a dual-agent (Generator/Evaluator) system and quality gates. It contains no malicious code, data exfiltration attempts, or harmful prompt injections; instead, it includes security checklists (e.g., in skills/evaluator.md) to prevent common vulnerabilities like XSS and SQL injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish unintended code changes to a remote repository using the user's existing Git setup.
This makes committing and pushing to a remote repository part of the default workflow before the user is explicitly shown the final diff or asked to approve the push.
阶段 5:交付 ... Generator 执行 git commit + push ... 向用户报告交付结果
Make commit and push opt-in. Require explicit user approval after showing the diff, target branch, remote, and commit message; prefer feature branches and let users push manually when appropriate.
Stale, sensitive, or poisoned project notes could affect later coding tasks or expose details inside project audit files.
The skill intentionally creates and reuses persistent project rules, knowledge, and change records that may influence future agent behavior.
.harness/rules/ # 编码规范、工作流、质量门禁(始终加载) ... wiki/ # 项目知识库(按需查询) ... changes/ # 变更审计链(每次需求自动创建)
Review .harness contents regularly, keep secrets out of these files, and treat project rules/wiki entries as trusted configuration.
Project context may be exposed to another agent/model role unless the runtime keeps both agents in the same trusted boundary.
The workflow depends on a separate evaluator agent reviewing the generator's outputs, which implies sharing project code and change context across agent roles.
必须用不同的 Agent(Evaluator)评审 Generator 的产出
Use this only where both agent roles are trusted, and define what files or sensitive context may be shared with the evaluator.