ClawHub

OpenSpec Dev Flow (CN)

v1.0.0

基于 OpenSpec 的迭代开发流程。适用于任何创建任务,包括 skill 开发、功能开发、重构、bug 修复等。当用户要求创建、开发、实现任何东西时,或当用户说"按 OpenSpec 流程来"、"走 spec 流程"、"按规范开发"时触发此技能。

1· 112·0 current·0 all-time
byhuangxiaoqian@huangxiaoqian007
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OpenSpec iterative dev flow) match the SKILL.md content: the skill prescribes how to gather intent, produce proposal/design/specs/tasks under openspec/, implement tasks, verify, and archive. It does not request unrelated credentials, binaries, or system paths.
Instruction Scope
SKILL.md directs the agent to read repository/project context and to create/modify files beneath an openspec/ workspace (proposal.md, design.md, tasks.md, delta specs, archive). Those actions are expected for a dev workflow. The instructions explicitly require user confirmation at each stage (with an explicit exception if the user asks to skip confirmation). No instructions reference external endpoints, unrelated system config, or secret exfiltration.
Install Mechanism
No install spec and no code files—this is instruction-only, so nothing is downloaded or written outside the working directory artifacts the workflow itself creates. This is the lowest-risk install profile.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The SKILL.md does not ask for secrets or external tokens. It does instruct reading the repo/project context, which is proportionate to its purpose.
Persistence & Privilege
always:false and user-invocable:true. The skill can be autonomously invoked by the agent (platform default) but it does not request permanent elevated privileges or modify other skills. The skill writes artifacts only under openspec/ in the working directory, which is consistent with its stated function.
Assessment
What this means for you: this skill is a pure process/template—no downloads, no credentials requested, and no hidden endpoints. If you install it, an agent using the skill will read the repository/project files and create or modify files under an openspec/ folder according to the workflow. Two practical precautions: (1) review and approve every proposal/design/tasks step when prompted—the skill emphasizes confirmations but will proceed if you explicitly tell it to skip confirmation (phrases like “直接搞” or “不用确认”); avoid saying those in sensitive contexts. (2) Only enable the skill in projects where it is safe for an agent to read and write repository files (use a sandbox/staging repo if unsure). If you want tighter control, keep it user-invocable only and avoid granting the agent broad repo or external-system permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97es93ghz7qscad2g9dane3ys83yp7t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments