ClawHub

Software Engineer for projects

v1.0.1

Project Engineer skill — the technical authority for software development agent teams. Use this skill whenever an engineering agent needs to: analyze or audi...

0· 66·0 current·0 all-time
by@encryptshawn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Project Engineer) match the content: templates, audit/assessment workflows, git/Asana handoff guidance. The skill does not request unrelated binaries, env vars, or credentials and explicitly defers execution and credential management to separate tooling skills (git_essentials, Asana PAT).
Instruction Scope
SKILL.md and reference files describe read-only repo analysis, spec generation, escalation procedures, and use of grep/find/git via a separate git skill. All referenced actions are scoped to repository inspection and documentation; the skill explicitly forbids pushing, modifying repos, reading secrets, DB access, or interacting with billing/crypto.
Install Mechanism
No install spec and no code files (instruction-only). Nothing will be downloaded or written by this skill itself, so install risk is minimal.
Credentials
The skill declares no required env vars, no primary credential, and no config paths. It explicitly states it does not read or transmit secrets and relies on other loaded skills for credentials; requested access is proportionate to its stated purpose.
Persistence & Privilege
always:false and default autonomous invocation are set. The skill is instruction-only and does not request persistent system presence or modify other skills' configs. It explicitly limits actions to read-only analysis and documentation.
Assessment
This skill is internally coherent and appears to only provide procedures and templates for engineering work. Before installing or enabling it widely: 1) Verify any companion tooling skills it expects (git_essentials, Asana PAT skill, language-specific tooling) have appropriately scoped, least-privilege credentials (read-only git tokens, Asana PAT limited to task creation if needed). 2) Audit those other skills' install specs and env requirements—this engineer skill relies on them to run commands and access repos. 3) Confirm operational controls so the agent cannot be given push/DB/production credentials through other skills or prompts (the engineer skill explicitly forbids such actions, but other loaded skills could have wider powers). 4) If you want to limit autonomous use, check platform controls for skill invocation or disable model invocation for this skill until you’ve reviewed the companion tooling. Overall the skill itself does not request secrets or install code, but its safety depends on the trustworthiness and permissioning of the other skills it expects to work with.

Like a lobster shell, security has layers — review code before you run it.

latestvk972wjs80r1ax43pww4vm4m86x84ppzt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments