Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Prd Workflow

v4.2.2

Complete PRD workflow with integrated review, flowchart, and export. Deep interview → Requirement analysis → PRD generation → Review → Flowchart → Quality ch...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The codebase (workflows, modules, mermaid rendering, export engine, requirement-reviewer, templates) aligns with a PRD/workflow generator for financial products. However the registry metadata declares no required binaries while the included postinstall script auto-installs mermaid-cli and optionally Playwright/html2image — a mismatch between 'Required binaries: none' and the implementation. The install-time global installs are relevant to the stated purpose (diagram rendering, screenshots) but should have been declared up front.
!
Instruction Scope
SKILL.md instructs the agent to conduct a multi-round interview itself and explicitly says 'if a question can be answered by exploring the codebase, explore the codebase instead' and to save results at ~/.openclaw/workspace/output/{userId}/{projectName}/interview.json. That grants the skill broad read access to the skill/workspace tree and permission to write files in the user's OpenClaw workspace. Reading the codebase and writing interview JSON are plausible for this skill, but the instruction is broad (could cause the agent to traverse other files in the workspace) and is not limited to only the skill's own files — this is a scope creep / privacy concern for users with sensitive files in the workspace.
!
Install Mechanism
There is no formal install spec in registry metadata, but the package includes scripts/postinstall.js which, if executed, runs network installs and global installs (npm -g @mermaid-js/mermaid-cli, pip install with --break-system-packages, optional playwright global install + npx playwright install chromium). The postinstall script installs a 'required' dependency (mermaid-cli) without prompting and offers to install others (some prompts exist but required=true for mermaid-cli). Auto-installing global system packages is high friction and can modify the host unexpectedly; this install behavior is not reflected in the declared 'required binaries: none'.
Credentials
The skill does not request environment variables or secrets and does not declare credentials, which is proportional for a PRD generation tool. That said, it writes files to ~/.openclaw/workspace/output/... and may read the codebase; writing user-specific files is expected for outputs but users should be aware the skill will create persistent files in their OpenClaw workspace.
Persistence & Privilege
The skill does not request 'always: true' and uses the platform default (agent invocation allowed). It does include code and postinstall logic that can install system tooling and produces persistent output files in the user's workspace. Combine autonomous invocation with the install-time global installs and the ability to read the workspace, and the blast radius grows — this is allowed by defaults but worth noting.
What to consider before installing
What to consider before installing or enabling this skill:
- Purpose and code match: The code implements a full PRD workflow (interview, decomposition, PRD generation, review, flowchart, prototype, export). That functionality explains most files you see.
- Review postinstall.js: The install script will attempt to install mermaid-cli globally (required) and may offer/install Python html2image or Playwright (which can be large). These are network installs that modify the host and were not declared as required binaries in the registry metadata. If you install, review and run postinstall manually in a controlled environment (or skip it) rather than allowing an automated, privileged install.
- File access & output: The SKILL.md instructs the agent to explore the codebase to answer interview questions and to write interview.json into ~/.openclaw/workspace/output/{userId}/{projectName}/. Make sure no sensitive data or other skills' secrets live under your OpenClaw workspace that you don't want an enabled skill/agent to read. Prefer running this skill in a sandboxed user account or container if workspace contents are sensitive.
- Execution model: The skill contains executable modules and JavaScript entry points. If you allow the agent to execute modules autonomously, it can read and write files under the workspace and invoke rendering/export flows. Consider restricting autonomous invocation or auditing the specific modules the skill will run for your use case.
- Safer options: (1) Inspect scripts/postinstall.js and other code locally before running; (2) deny automatic postinstall and manually install only the tools you trust; (3) run the skill in an isolated environment (container or separate user account); (4) if you only want PRD text outputs and not diagram rendering, you may skip installing mermaid/playwright to reduce system changes.
- When in doubt: mark this skill as suspicious until you verify the postinstall behavior and confirm that reading the codebase/writing outputs is acceptable for your environment.
scripts/postinstall.js:73
Shell command execution detected (child_process).
workflows/image_renderer.js:166
Shell command execution detected (child_process).
workflows/modules/design_module.js:83
Shell command execution detected (child_process).
workflows/modules/export_module.js:147
Shell command execution detected (child_process).
workflows/modules/precheck_module.js:111
Shell command execution detected (child_process).
workflows/modules/prototype_module.js:1008
Shell command execution detected (child_process).
workflows/modules/quality_module.js:267
Shell command execution detected (child_process).
workflows/modules/review_module.js:153
Shell command execution detected (child_process).
workflows/utils.js:122
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
