Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GSD Orchestrator
v1.0.0 · Orchestrate GSD (Get Shit Done) projects via subprocess execution. Use when an agent needs to create milestones from specs, execute software development work...
⭐ 0 · 84 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name and description match the declared requirement of a 'gsd' binary, and the SKILL.md describes driving that binary via subprocess exec, parsing its JSON output, and using standard flags. Asking users to install the npm package 'gsd-pi' to obtain a 'gsd' CLI is consistent with that purpose.
Instruction Scope
Instructions are focused on running the 'gsd headless' CLI, parsing its JSON output, and using commands like new-milestone/next/auto/query. However, the included answer-injection docs explain how to create an answers.json that injects arbitrary environment variables (including secrets) into child processes. This broadens the runtime scope: it lets the skill supply credentials to subprocesses and relies on the tool to handle those secrets safely. The behavior is directly relevant to orchestration but raises operational risk if misused.
Install Mechanism
The skill is instruction-only (no code files), so the registry installer writes nothing. SKILL.md recommends 'npm install -g gsd-pi' to obtain the 'gsd' binary, which is a reasonable and common install method. There is a minor inconsistency: the skill metadata shown to the registry says 'No install spec', while SKILL.md contains an install block recommending the node package. Verify where you will actually obtain the 'gsd' binary (npm package name and publisher) before installing.
Credentials
The skill itself does not require specific environment variables, but the answer-injection feature explicitly supports storing and injecting arbitrary secrets (e.g., OPENAI_API_KEY, DATABASE_URL) into child-process environments via an answers.json file. That is a powerful capability and can lead to accidental exposure or misuse of credentials if the answers file is stored insecurely or if the orchestrated tooling forwards secrets elsewhere. Because the skill facilitates injecting arbitrary env vars, treat this as a privileged operation and only use it with trusted binaries and secure secret storage.
Persistence & Privilege
The skill does not request 'always: true' and uses normal autonomous invocation defaults. It does not declare any system config paths or attempt to modify other skills. No elevated persistence or platform-wide privilege is requested.
What to consider before installing
This skill appears to be what it says (a wrapper/orchestrator around a local 'gsd' CLI), but it exposes a powerful secret-injection facility that you should treat carefully. Before installing or running it:
1) Verify the origin and integrity of the 'gsd' binary and of the 'gsd-pi' npm package and its publisher; do not install packages from untrusted sources.
2) Avoid placing long-lived secrets in plaintext answers.json files in source trees or shared folders; use ephemeral secrets or CI secret stores where possible.
3) If you must use answers.json, keep its file permissions tight (owner-only) and rotate any credentials afterward.
4) Orchestrating a CLI that can itself run arbitrary build/test/commit steps is inherently powerful; run it in a constrained environment (container/VM) if you are unsure.
5) The SKILL.md includes an install suggestion while the registry metadata lists no install spec; confirm how the skill will be installed on your platform.
If you need higher assurance, ask the publisher for the package repository / release URL, or request a copy of the gsd source for audit.
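The answer-injection facility discussed under Credentials and in items 2 and 3 above is the part a practitioner will actually want to guard. The following is an added example, not code from this ClawHub page, from the GSD Orchestrator skill, or from the gsd CLI: a small Python loader that refuses an answers.json readable by anyone other than its owner, passes only an allowlisted set of variable names into the child process, and starts the child from a minimal environment instead of a copy of the parent's. The answers.json layout (a top-level "env" object), the allowlist, the base-environment keys, and the sample file contents are assumptions made for illustration; the real gsd format is not documented on this page.

```python
"""Added example (not from the ClawHub page, the GSD Orchestrator skill or the gsd CLI).

Guards around an answers.json-style secrets file before its contents reach a
child process:
  1. refuse the file if group/other bits are set, or it is not owned by us;
  2. accept only allowlisted variable names, reporting the rest;
  3. build the child environment from a minimal base, not os.environ.copy().
The top-level "env" object in answers.json is an ASSUMED layout for illustration.
"""
import json
import os
import stat
import subprocess
import sys
import tempfile

# Names the scan report itself mentions; anything else in the file is rejected.
ALLOWED_ENV = frozenset({"OPENAI_API_KEY", "DATABASE_URL"})

# Parent variables a CLI child genuinely needs; everything else is withheld.
BASE_ENV_KEYS = ("PATH", "HOME", "LANG", "LC_ALL", "TMPDIR")


class InsecureAnswersFile(Exception):
    """Raised when answers.json is readable by others or not owned by the caller."""


def check_answers_permissions(path):
    """Return True if only the owner can access the file; raise otherwise."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise InsecureAnswersFile(f"{path} is a symlink; refusing to follow it")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureAnswersFile(
            f"{path} has mode {stat.S_IMODE(st.st_mode):04o}; expected 0600")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise InsecureAnswersFile(f"{path} is not owned by uid {os.getuid()}")
    return True


def permissions_rejected(path):
    """True if check_answers_permissions refuses path (convenience for callers)."""
    try:
        check_answers_permissions(path)
    except InsecureAnswersFile:
        return True
    return False


def load_env_from_answers(path, allowed=ALLOWED_ENV):
    """Return (accepted, rejected): allowlisted env pairs and the rejected names."""
    check_answers_permissions(path)
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    env_block = data.get("env", {})
    if not isinstance(env_block, dict):
        raise ValueError('"env" in answers.json must be a JSON object')
    accepted = {k: str(v) for k, v in env_block.items() if k in allowed}
    rejected = sorted(k for k in env_block if k not in allowed)
    return accepted, rejected


def build_child_env(secrets, base_keys=BASE_ENV_KEYS):
    """Minimal environment: a few parent keys plus the accepted secrets."""
    env = {k: os.environ[k] for k in base_keys if k in os.environ}
    env.update(secrets)
    return env


def run_with_secrets(argv, answers_path):
    """Run argv with only the accepted secrets; return (rc, stdout, rejected)."""
    secrets, rejected = load_env_from_answers(answers_path)
    proc = subprocess.run(argv, env=build_child_env(secrets),
                          capture_output=True, text=True, check=False)
    return proc.returncode, proc.stdout, rejected


def write_sample_answers(mode):
    """Write a CONSTRUCTED answers.json with the given mode; return its path."""
    directory = tempfile.mkdtemp(prefix="answers-demo-")
    path = os.path.join(directory, "answers.json")
    sample = {"env": {
        "OPENAI_API_KEY": "sk-placeholder-not-a-real-key",
        "DATABASE_URL": "postgres://app:placeholder@localhost/app",
        "LD_PRELOAD": "/tmp/not-something-a-secrets-file-should-set.so",
    }}
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
    return path


def demo_child_sees_only_allowlist(answers_path=None):
    """Spawn a Python child and report which names it can see: (rc, stdout, rejected)."""
    path = answers_path or write_sample_answers(0o600)
    probe = "import os; print('OPENAI_API_KEY' in os.environ, 'LD_PRELOAD' in os.environ)"
    return run_with_secrets([sys.executable, "-c", probe], path)


if __name__ == "__main__":
    rc, out, rejected = demo_child_sees_only_allowlist()
    print("child exit", rc, "| probe:", out.strip(), "| rejected:", rejected)
    print("0644 file rejected:", permissions_rejected(write_sample_answers(0o644)))
```

The two design choices worth copying into any real orchestrator are the allowlist (a secrets file that can set LD_PRELOAD or PATH is a code-execution vector, not just a credential leak) and the minimal base environment, which keeps the parent's own tokens and cloud credentials out of every build, test and commit step the child runs.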
latest: vk973svsn9nfmzv8r1m4mzsc8f983m7q7
Runtime requirements
Bins: gsd
