Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dev Workflow
v1.0.0
Master orchestrator for the full autonomous development lifecycle. Use this skill whenever the user mentions starting a new feature, has an idea to implement...
by Emerson Braun (@emersonbraun)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill claims to orchestrate the full dev lifecycle (PRD → issues → architecture → QA → dev → tests → PRs). That purpose legitimately requires access to the repository, test tooling (npm, Playwright), and GitHub APIs. However, the skill declares no required binaries, no credentials (GitHub token), and no config paths. Those omissions are inconsistent with the claimed purpose.
Instruction Scope
SKILL.md instructs the agent to 'explore the codebase', run 'npm test + Playwright + coverage check', post test plans and comments to GitHub issues, create PRs, and close issues. Those are cross-cutting actions (read/write repo, execute commands, call GitHub) but the instructions do not specify limits, required explicit user approvals per action, or where credentials/binaries come from. The skill also gives broad autonomous discretion ('decides what comes next'), increasing the risk of unintended operations.
Install Mechanism
Instruction-only skill with no install spec and no bundled code files; this is the lowest install risk (nothing is written to disk by an installer).
Credentials
The skill will need access to repository files, node/npm/Playwright tooling, and GitHub API tokens to perform its declared phases. Yet requires.env, primary credential, and required config paths are empty. That mismatch suggests the skill either (a) expects other skills to supply credentials/tools without documenting it, or (b) will attempt actions without the necessary declared privileges — both are problematic for least privilege and auditability.
Persistence & Privilege
always is false (good). The skill allows autonomous invocation (default platform behavior). Autonomous operation combined with the broad actions the skill can take (running tests, creating PRs, closing issues) raises the operational risk if credentials/environment are granted implicitly. The skill does not request permanent presence or modify other skills' configs.
What to consider before installing
This skill appears powerful but is inconsistent about what it needs to run. Before installing or enabling it, ask the publisher to clarify: (1) precisely which binaries and runtime (node, npm, Playwright) it requires and whether those will be executed inside a sandbox; (2) what credentials it needs (GitHub token, repo access) and why those credentials are not declared in the metadata; (3) whether each destructive/write action (create PR, close issue, push branch, run tests) will require explicit user confirmation or be fully autonomous; and (4) whether repository access will be limited to a specific workspace/path and for how long. If you proceed, follow least-privilege practices: grant a scoped GitHub token limited to the necessary repo actions, require explicit confirmations for creates/merges, and prefer delegating test execution and PR creation to separate, auditable skills that document required environment variables and tool dependencies. If the publisher provides documentation showing that other named skills supply the credentials/tools in a controlled way (and that actions require per-step confirmation), that could reduce the concern.
latest: vk977xzqefgg9q41ve9mb86akm584b111
