gstack CEO Review
v1.0.0Provides CEO-level plan reviews to rethink problems, challenge assumptions, and expand or reduce scope for ambitious, rigorous, and focused product improveme...
⭐ 0· 169·0 current·0 all-time
byGarry Tan@garrytan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description match the SKILL.md content: guidance for CEO/founder-style plan reviews in four modes. There are no unexpected environment variables, binaries, or install steps that would be disproportionate to a review-oriented skill.
Instruction Scope
The SKILL.md is a detailed runtime instruction set that stays within the stated review purpose (challenge premises, map failure modes, propose alternates). It does require mapping plans to "existing code" and producing mandatory diagrams; that implies the review may ask the user to supply project artifacts or repositories. The skill itself does not instruct the agent to read system files, environment variables, or to transmit data to external endpoints, but if you provide code or repo access to the agent, that is outside the skill's intrinsic scope and should be considered separately.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no disproportionate or unexplained secrets requested.
Persistence & Privilege
always:false (default) and the skill is user-invocable. disable-model-invocation is false (agent can invoke autonomously), which is the platform default and not by itself a concern. The skill does not request persistent system-wide changes.
Assessment
This is an instruction-only review skill and appears internally consistent and low-risk: it doesn't install code or request credentials. Two practical cautions: (1) The review repeatedly asks you to "map to existing code" and requests diagrams — if you grant the agent access to repositories, files, or external project management systems to satisfy those steps, that introduces risk outside this skill; only grant access you trust. (2) Autonomous invocation is allowed by default on the platform; if you do not want the agent to call this skill without explicit prompting, disable autonomous invocation or only enable the skill when needed.Like a lobster shell, security has layers — review code before you run it.
latestvk978yrz58mkygfvcs5snxyatmd849rm7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.