ClawHub

Craftwork

v1.0.0

9 engineering disciplines for AI agents — TDD, debugging, code review, planning, and multi-agent coordination. Build software like it matters.

0· 339·0 current·0 all-time
by@gaurangbhattspaceo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (TDD, debugging, code review, planning, multi-agent coordination) match the SKILL.md content. The skill only contains prose describing developer workflows and git/test commands; no unrelated credentials, binaries, or install steps are requested.
Instruction Scope
The instructions legitimately tell an agent to read the codebase, run git commands, run tests, spawn subagents, and call local health endpoints — all expected for a developer-discipline skill. Note: many runtime commands (git push, gh, curl, pm2) will act on the host environment and may require existing credentials/rights; the SKILL.md does not request additional env vars for these, which is reasonable but means the skill relies on the agent's existing shell/credentials.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to run. That minimizes disk writes and third-party downloads; low install risk.
Credentials
The skill does not declare or require any environment variables, credentials, or config paths. The actions it describes (git, gh, curl) will use whatever credentials/tools exist in the agent environment; that is proportional for a code-execution/repo-oriented skill but worth noting for permission control.
Persistence & Privilege
always is false and the skill is user-invocable. Autonomous invocation is allowed by default (disable-model-invocation is false) but this is the platform default and not by itself a red flag. The skill does not request permanent presence or attempt to modify other skills or system-wide agent settings.
Scan Findings in Context
[no_findings] expected: The regex-based scanner found nothing to analyze — expected because this is an instruction-only skill with no code files. Absence of findings is not evidence of safety beyond confirming there's no embedded code to scan.
Assessment
This skill is coherent and appears to do what it says: provide disciplined workflows for agent-driven development. Before installing, consider that the instructions expect access to your repository and developer tooling (git/gh, tests, local services) and will tell an agent to run commands like git push, run tests, and call local health endpoints. If you install it: 1) ensure the agent runs with least privilege (do not give it elevated access or unrestricted push permissions to critical repos), 2) prefer manual review or require human approval before any push/merge actions, and 3) verify that any automation spawned by the agent (subagents) is subject to the same safeguards. If you want stronger safety, disable autonomous invocation or require a human-in-the-loop for push/merge steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk9722dhw9xhzzp0zmq9tc85tfd81y19g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔨 Clawdis
OSmacOS · Linux · Windows

Comments