Spec Flow
Pass
Audited by ClawScan on May 1, 2026.
Overview
Spec Flow appears to be a transparent, purpose-aligned planning and coding workflow that creates local project documentation and can guide user-approved implementation work.
This skill looks suitable for users who want a structured spec-first coding workflow. Before installing, be comfortable with it creating .spec-flow files in your project and guiding code changes during implementation. Prefer step-by-step mode for important work, review generated specs before continuing, and inspect helper scripts before running them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the helper can create or modify files under the current project’s .spec-flow directory.
The workflow may run a local shell helper to initialize project files. This is disclosed and aligned with the skill’s purpose, but it is still local command execution.
Run `scripts/init-spec-flow.sh <feature-name>` or create `.spec-flow/active/<feature>/`
Review the helper script before running it, or manually create the .spec-flow directory if preferred.
If you use batch mode, the agent may make many project changes before you review the result.
The skill documents a mode where the agent can execute all remaining implementation tasks consecutively after a user asks for it. This is purpose-aligned but increases the amount of change made between review points.
Batch Mode... execute all remaining tasks at once... User: execute all tasks
Use the default step mode for sensitive or large changes, and reserve batch mode for simple, well-scoped tasks.
Shared or previously generated .spec-flow documents can shape what the agent does in later sessions.
The skill intentionally reads persistent local project-context files to guide later work. This is coherent for spec-driven development, but stale or tampered files could influence future agent decisions.
Check if `.spec-flow/steering/` exists — if so, read for project context
Keep .spec-flow files under review, especially steering documents and task lists, before letting the agent implement from them.
It may be harder to verify the package origin or compare it with an upstream repository.
The registry metadata does not provide a clear source/homepage and does not describe an install mechanism, while helper code files are present. This is a provenance and metadata clarity issue, not evidence of malicious behavior.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... 3 code file(s)
Install from a trusted registry/source and inspect included scripts before use.
