ClawHub

Gstack Skills

v1.0.0

Complete development workflow suite from Y Combinator CEO Garry Tan's gstack. Use /gstack or any gstack command (/office-hours, /review, /ship, etc.) to acce...

0· 48·1 current·1 all-time
by@dsg12te-del
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (gstack workflow router & tools) matches the shipped assets: SKILL.md instruction files for multiple subskills and two small helper scripts (command_router.py, state_manager.py). There are no unrelated binaries or environment variables requested.
Instruction Scope
SKILL.md files instruct the agent to inspect git state, produce diffs, and optionally apply 'auto-fix' changes. That behavior is consistent with a code-review workflow, but it can modify repository files if auto-fixes are applied. The docs explicitly recommend creating backups and asking user confirmation before applying fixes, which mitigates risk. No instructions direct reading of unrelated system paths, secrets, or external servers.
Install Mechanism
No install spec is provided (instruction-only plus two local helper scripts). Nothing is downloaded or written outside the included scripts, so install risk is low.
Credentials
The skill requires no environment variables, credentials, or external config paths. The only persisted path is a local directory (.workbuddy/gstack-state) used to store workflow JSON files—reasonable for state between steps.
Persistence & Privilege
always is false and autonomous model invocation is allowed (platform default). The skill persistently writes state under a project-local folder (.workbuddy/gstack-state) and may auto-edit repo files if auto-fix actions are executed; however the instructions call for backups and user confirmation prior to changes. It does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: routing gstack commands, reviewing diffs, and storing workflow state locally. Things to consider before installing: 1) The review workflow can run git commands and may propose or auto-apply fixes — ensure the agent asks for confirmation or run it in a test branch or container. 2) The state manager writes files to .workbuddy/gstack-state in your project directory; if you have sensitive files, review that path. 3) Inspect the included scripts yourself (they are small and local) before granting autonomous execution. 4) No credentials or network installs are requested, which reduces risk. If you want lower blast radius, disable autonomous invocation for this skill or restrict it to read-only review actions until you're comfortable with auto-fix behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk976cavs7s6hq2437q4sz165s983ztk1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments