成功的项目管理
v1.0.0Use this skill for multi-step project work that requires structured intake, context discovery, scope control, environment awareness, evidence-driven debuggin...
⭐ 0· 195·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (project governance, intake, evidence-driven debugging, documentation) match the SKILL.md content. It asks the agent to inspect project docs, plan, and make small changes — all consistent with the stated purpose. No unrelated binaries or cloud credentials are requested.
Instruction Scope
Instructions direct the agent to read project files, docs, logs, and perform readonly inspections and small changes when justified. This is within scope for a project-management workflow, but it does give the agent broad discretion to read repository files and environment-related artifacts — which may surface sensitive information if present.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing will be written to disk by an installer as part of the skill package itself.
Credentials
The skill declares no environment variables, credentials, or config paths. The SKILL.md emphasizes asking for environment facts and preferring readonly checks rather than assuming secrets, which is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or to modify other skills. Normal autonomous invocation is allowed (platform default).
Assessment
This skill appears coherent for project-level, evidence-driven work. Before installing, confirm you trust the skill despite its unknown source: • Decide whether you will allow the agent read access to your repository and logs (it will need that to follow the workflow). Prefer granting read-only access initially. • Be cautious about automatic writes: the SKILL.md suggests writing to project-local .learnings/ files — ensure those files won’t capture secrets or sensitive logs. • If you require higher assurance, ask the publisher for provenance (homepage, repo, maintainer) or review the skill text yourself; since it’s instruction-only there is no bundled executable, reducing install risk. • Monitor the first runs and review any changes the agent proposes before applying them.Like a lobster shell, security has layers — review code before you run it.
latestvk97713n681mr7jnp8vw1adm5nh836xfe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.