Prd Reviewer
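v1.0.2
An expert tool for reviewing and scoring PRD requirements. It scores a product PRD strictly and quantitatively on a 10-point scale and outputs the total score, the score for each module, and a detailed explanation of deductions. Trigger scenarios: the user uploads a PRD and asks for it to be reviewed and scored; the user asks for requirements to be scored against the PRD scoring standard; a PRD review report needs to be generated.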
by SpongeBob @flamemyself
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PRD reviewer) align with the provided instructions: the SKILL.md defines a scoring rubric and runtime steps for extracting and scoring a PRD. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions explicitly tell the agent to read a local .doc file, run a Python one-liner to extract text, and write the result to /tmp/prd.txt; this is appropriate for the skill's purpose. Note: the chosen extraction method (quopri + regex) is brittle for binary .doc formats and may fail or produce incorrect output. Also, the skill will access PRD file contents and write extracted text to /tmp, so sensitive data in uploaded documents could be exposed to the host or other processes.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is written to disk by an installer and no external packages are pulled during install.
Credentials
The skill declares no environment variables, credentials, or config paths. The SKILL.md also does not attempt to read environment variables or external credentials — the requested access (reading an uploaded PRD file) is proportional to the task.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. It only describes transient file I/O (reading PRD, writing /tmp/prd.txt) which is expected for this use case.
Assessment
This skill appears coherent and matches its stated purpose, and it asks for no secrets or installs. Before installing/using it: (1) avoid uploading PRDs that contain highly sensitive secrets (credentials, private keys, or personal data) because the extractor reads the file and writes extracted text to /tmp; (2) if you need robust .doc extraction, prefer a tested parser (python-docx, antiword) because the provided quopri/regex one-liner may mis-handle binary .doc files; (3) consider running the skill in an isolated environment and/or delete /tmp/prd.txt after review to reduce residual data exposure. If you need higher assurance, request the author/source code or a vetted parser implementation.
Like a lobster shell, security has layers — review code before you run it.
latest vk97b9wy7ffwj8ggcq6ywa3cp7s83krcn
