Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Code Workflow
v0.1.1
4-stage workflow for code changes: research → plan → user review → implement (TDD). Applies to all tasks requiring code changes: issue implementation, fix_pl...
by es6kr@drumrobot
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (a 4-stage coding workflow) align with the SKILL.md instructions (research → plan → user review → implement). Declared dependency on 'tdd' and 'skill-toolkit' is consistent with the TDD and self-upgrade references.
Instruction Scope
Instructions mandate writing findings and plans to repository files (.ralph/docs/generated/...), require committing changes without asking the user once tests pass, and enforce continuous local developer commands (pnpm/tsc, git). They also require the agent to run a post-run self-upgrade (/skill-toolkit upgrade coding-workflow). Automatically committing and self-upgrading are scope creep: they change repository and skill state without explicit user consent. Transparency is also reduced, because the skill says 'Do not summarize in chat — always write to a file'.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. However, the skill instructs the agent to run '/skill-toolkit upgrade coding-workflow' after completion; that could trigger downloads/installation by another skill. Because the source of such upgrades is not shown, this introduces potential supply-chain risk.
Credentials
Manifest declares no required binaries or env vars, but instructions assume developer tools (git, pnpm or tsc, test runner) and repository write access. The omission is an incoherence: the skill requires capabilities (file writes, git commits, npm/ts tooling) that are not listed as requirements or preconditions.
Persistence & Privilege
The skill does not set always:true, but asks to commit changes automatically and to run a self-upgrade on itself. Those actions grant it effective write-and-update privileges over the repository and the skill bundle (via skill-toolkit). Without explicit user confirmation on commits or upgrades, this increases the blast radius if misused.
What to consider before installing
This skill is coherent as a coding workflow, but it instructs the agent to modify the repository (write plan/research files and commit changes automatically) and to self-upgrade via the toolkit. Before installing or invoking it:
1) Ensure you trust the 'skill-toolkit' and 'tdd' skills and know what '/skill-toolkit upgrade' will do.
2) Prefer requiring explicit user confirmation before commits (remove or change the 'Do not ask the user whether to commit' rule).
3) Confirm developer tools (git, pnpm/tsc, test runner) are available and acceptable to be run by the agent.
4) Consider restricting autonomous invocation or blocking auto-commit behavior so changes can't be pushed/committed without your explicit approval.
5) If you need higher assurance, request the skill's source (homepage or repository) so you can inspect the upgrade flow and any code the toolkit would download; that information would raise confidence and could change this assessment.
Like a lobster shell, security has layers — review code before you run it.
