OpenForge
Review
Audited by ClawScan on May 10, 2026.
Overview
OpenForge is a transparent PRD-orchestration skill, but it can spawn sub-agents, edit workspace files, and run PRD-specified shell gates, so only run PRDs you trust.
Install only if you are comfortable giving a PRD-driven agent permission to edit your workspace and run reviewed build/test/lint commands. Treat PRDs like executable code: keep them trusted, keep secrets out of them, use version control, and review outputs before relying on them.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
A PRD can cause the agent to run local commands in your workspace, which could modify files or run project scripts.
The skill intentionally runs shell commands from PRD gate definitions. This is disclosed and purpose-aligned for build/test/lint gates, but shell execution is high-impact if the PRD is not trusted.
Evidence (from the artifact): "Gate commands are run via `exec` in the working directory."
Recommendation: Only use PRDs you trust, and review every `Gate:` command before starting OpenForge.

Finding 2
The skill can make code and configuration changes across the active workspace as part of executing a PRD.
The skill uses broad agent tools to spawn sub-agents, read/write files, and execute commands. This matches its PRD implementation purpose, but users should understand the authority being delegated.
Evidence (from the artifact): "…runs entirely through native OpenClaw tools (`sessions_spawn`, `exec`, `read`, `write`)."
Recommendation: Run it in the intended project workspace, keep source control backups, and review generated changes before accepting them.

Finding 3
Anything placed in the PRD may be shown to sub-agents and, through configured model providers, leave the local environment.
The artifact discloses that PRD text is shared with sub-agents and is not secret-scanned. This is expected for multi-agent PRD execution, but it makes PRD contents sensitive.
Evidence (from the artifact): "PRD content is passed to sub-agents verbatim. OpenForge does not scan for embedded secrets."
Recommendation: Do not include API keys, passwords, tokens, private customer data, or other secrets in PRDs.

Finding 4
Mistakes in the PRD or review output could be amplified into multiple rounds of edits before the run stops.
Automatic fix-and-review cycles are bounded and disclosed, but a bad PRD or incorrect review finding could lead to repeated workspace changes during a run.
Evidence (from the artifact): "Fix sub-agent is spawned with the findings as context; review re-runs after fixes. Loop repeats up to 3 cycles before escalating."
Recommendation: Use version control, inspect diffs after each run, and keep PRDs narrowly scoped.

Finding 5
Multiple agent workers may read and modify the workspace at the same time during a run.
The skill intentionally creates sub-agents to execute PRD phases. The artifacts describe this openly and bound execution to the orchestrated run, but users should expect work to happen in parallel.
Evidence (from the artifact): "Spawns sub-agents for phases that can run in parallel."
Recommendation: Use this on isolated branches or clean workspaces, especially for large PRDs with parallel phases.
