Openclaw Godmode Skill Repo

This skill is documentation-only and appears to be what it claims — an orchestrator for multi-agent development workflows — but there are important inconsistencies and runtime risks you should consider before enabling it: - Metadata mismatch: The registry summary shows no required binaries or environment variables, yet the skill's own SKILL.md and clawdis.yaml state it requires shell tools, network access, and credentials (GH_TOKEN, Claude/Anthropic auth, MCP auth) at runtime. Treat the runtime declarations in SKILL.md/clawdis.yaml as authoritative and assume the skill will request these when invoked. - What it can do at runtime: Agents are permitted to run bash/git/npm/tsc/playwright, read/write and edit project files, run tests, create GitHub issues/PRs, and fetch web content. That is appropriate for an orchestrator but gives broad powers — it can modify your repo and execute commands in the environment where your agent runs. - Minimize risk before use: 1) Run the skill in a sandbox/container or on a forked repository first; 2) Provide least-privilege tokens (create a GitHub token with minimal scopes and avoid using a global admin token); 3) Do not supply your primary production credentials (MCP/Claude) until you’ve validated behavior; 4) Verify and/or pin MCP endpoints and check logs of any agent-run commands; 5) Confirm the skill's explicit rule 'NEVER git push without permission' is enforced by your own policies — do not rely on the skill to be well-behaved. - Ask the publisher or maintainers to fix registry metadata so required runtime binaries/credentials are declared at install time (this mismatch is the main coherence issue). If you need higher assurance, request sample runs, agent message transcripts, or test in an isolated environment before granting any credentials. Overall: the skill is plausible for its purpose but the metadata omission about runtime credentials/binaries is a red flag — proceed cautiously and with least-privilege controls.