Boss
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Boss is a disclosed full-development automation skill, but it can automatically edit projects, run shell/deployment commands, and skip confirmations, so it should be reviewed and sandboxed before use.
Install only if you want a highly autonomous coding-and-deployment workflow. Use a clean branch or sandbox, avoid `--quick` until you trust the behavior, review generated plans and diffs before deployment, and keep secrets out of prompts and `.boss` artifacts.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may modify an existing codebase, run tools, and deploy or start services before the user has reviewed the exact changes.
The skill can proceed through implementation, testing, and deployment with all confirmation checkpoints disabled, and the normal workflow does not show a separate pre-deployment approval.
`--quick` | Skip all confirmation checkpoints, fully automatic execution ... Stage 3: Development + continuous verification ... Stage 4: Deployment + delivery
Avoid `--quick` on important repositories, require explicit approval before shell commands and deployment, and run it in a branch, container, or disposable workspace.
This can execute project code, install or use dependencies, open local ports, and leave services running.
The DevOps agent is explicitly allowed to execute shell commands and start project services or containers.
`tools: ... Bash` ... `npm run dev` ... `npx serve` ... `docker-compose up -d`
Review generated commands before execution, prefer local-only/sandboxed deployment, and verify the stop/cleanup command after use.
An early misunderstanding can become many file changes or a deployed service if not caught.
Each stage uses prior artifacts as inputs for later agents, so a mistaken or unsafe requirement/design can propagate into code, QA, and deployment.
`Artifact-driven` — each stage produces documents, and the next stage builds on the previous stage's artifacts
Review `.boss` planning artifacts and diffs before allowing implementation or deployment to continue.
Sensitive project details could remain in the repository and might be committed or reused in later tasks.
The skill stores requirements, architecture, QA, and deployment details in persistent project files that later stages read.
Save artifacts to `.boss/<feature>/`: `prd.md`, `architecture.md`, `ui-spec.md` ... `qa-report.md`, `deploy-report.md`
Do not put secrets in requirements, review `.boss` files before committing, and add `.boss/` to `.gitignore` if the artifacts should stay private.
Requirements, repository context, and generated artifacts may be shared across several subagents during the pipeline.
The workflow passes task context and prompt content to multiple general-purpose subagents as part of orchestration.
Task( subagent_type: "general_purpose_task", description: "PM: 创建 PRD", query: pm_prompt + ... )
Limit sensitive context, confirm which subagents/tools are allowed, and avoid including credentials or private data in task descriptions.
