Openforge
v2.2.0
Staged, multi-model PRD execution for OpenClaw. Write a PRD with phased sections, model routing, and validation gates — OpenForge executes it across local an...
by Corbin Breton (@corbin-breton)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (PRD orchestration with phased execution, model routing, and gates) matches the SKILL.md instructions: parse PRDs, spawn sub-agents, route models, run gates, and auto-fix loops. No unrelated binaries or credentials are requested. The capabilities requested (read/write workspace, spawn sessions, exec) are exactly what an orchestrator needs.
Instruction Scope
Instructions permit running arbitrary gate commands via exec and passing PRD content verbatim to sub-agents. The skill describes a whitelist-like check that forbids certain shell metacharacters unless Shell-Gate:true, but execution of PRD-specified commands and file writes is core behavior. This is expected for an orchestrator but expands scope to filesystem and shell execution; users must not run untrusted PRDs and should review gate commands carefully.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install posture. Nothing is downloaded or written by an installer according to the metadata.
Credentials
No environment variables or credentials are required by the skill itself. However, it will route work to whatever AI model providers are configured in the OpenClaw agent (using existing provider credentials already present in the environment), and it passes PRD content and file contents to models. This is proportional to its purpose but important to understand: sensitive data in PRDs or workspace files may be sent to external model providers.
Persistence & Privilege
Skill is not always-enabled and does not request persistent installation. It spawns sub-agents that inherit the orchestrator's workspace constraints, but it does not claim to modify other skills or system-wide configs. Autonomous invocation remains possible (platform default) — consider that this plus exec capability increases attack surface if misused.
Assessment
This skill appears to do what it says (orchestrate PRDs), but it intentionally performs potentially dangerous actions: it reads/writes your workspace, spawns sub-agents, and runs gate shell commands from PRDs. Before using it:
1) Never include secrets or credentials in PRD files; sensitive data may be sent to configured model providers.
2) Review every PRD (especially any Gate lines) before execution; the skill's metacharacter checks reduce risk but do not eliminate it.
3) Use an isolated workspace or repo for runs you don't fully trust.
4) If you need stronger guarantees, ask for PRD scope enforcement or secret-scanning before running.
If you want me to, I can list specific things to add to a PRD-review checklist or produce a template PRD with safer gate examples.
Like a lobster shell, security has layers — review code before you run it.
Tags: coding-agent, latest, multi-model, orchestration, prd
