Devtaskflow
Security checks across malware telemetry and agentic risk
Overview
DevTaskFlow is broadly aligned with its AI development purpose, but it should be reviewed because it documents automatic use of local OpenClaw/LLM credentials that the registry does not declare, while also being able to write, run, deploy, and publish projects.
Before installing, confirm which LLM/OpenClaw credentials it will use, which provider endpoint will receive your project data, and whether you are comfortable letting it write files, run generated code, deploy, or publish. Use dry-run previews, keep secrets out of project files, and require explicit confirmation before deploy or publish steps.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use an existing OpenClaw/LLM account and API key from local configuration, potentially incurring provider usage and sending requests without a separate credential prompt.
This documents local account/profile credential access. That access is high-impact and is not reflected in the supplied registry metadata, which declares no primary credential and no required config paths.
`lib/openclaw_config.py` — automatically reads model / base_url / api_key from `~/.openclaw/openclaw.json` + `credentials/`
Declare the credential/config path in metadata, clearly prompt before using discovered credentials, document exactly which account is used, and provide an opt-out or explicit endpoint/key selection.
Project requirements and file contents may be shared with the configured LLM provider or subagent.
The analyze flow sends requirements and snippets of project files into the configured orchestrator/LLM context. This is central to the skill, but users should understand the data boundary.
project_files = scan_project_files(project_root) ... f"=== 文件: {f['path']} ===\n{f['content'][:2000]}" ... orchestrator.run('analyze', {'requirements': requirements, 'context': context, ...})
Use a trusted LLM endpoint, remove secrets from project files before running, and document what project data is sent during each phase.
If approved, the skill can modify project files, start local services, change remote deployment targets, and publish public artifacts.
These commands can write generated code, run it locally, deploy it, and publish releases/skills. This is purpose-aligned and SKILL.md requires confirmation, but the actions are high-impact.
`dtflow start --confirm-write` ... `dtflow start --run` ... `dtflow start --deploy` ... `dtflow advanced publish --target github` ... `dtflow advanced publish --target clawhub`
Review dry-run output, inspect generated files, and require explicit user approval before running, deploying, or publishing.
Using the board may fetch and install external npm packages in the local environment.
The board feature may install Node dependencies on first use, while the supplied install specification is absent. This is understandable for a local dashboard, but it adds runtime supply-chain surface.
The board's Node.js app requires `npm install` (run automatically on first use)
Declare this install behavior, prefer the included lockfile, and let users approve first-use dependency installation.
A user may receive simplified status messages instead of detailed plans, state, or exact token usage unless they ask for more information.
The skill instructs the agent to summarize internal steps rather than expose implementation details or exact token counts. This may be reasonable for usability and secret protection, but users may need more transparency for cost and safety decisions.
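Do not expose: analyze, DEV_PLAN.md, orchestration, config.json, .state.json, token counts ... Instead say: "I analyzed the requirements", "The code has been generated", "I checked it and found no problems"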
Keep sensitive config hidden, but provide user-accessible summaries of plans, review results, deployment impact, and estimated/actual token costs before costly or irreversible actions.
