AI PM Agent
v1.0.0AI-powered product management workflow agent. Use when the user wants to do product discovery, write PRDs, prioritize features, design experiments, plan laun...
⭐ 0· 82·0 current·0 all-time
byJahonn Ding@jahonn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (PM workflows: discovery, PRDs, prioritization, experiments, GTM) matches the SKILL.md and the two reference files. The skill requests no binaries, no env vars, and no install — all reasonable for an instruction-only PM drafting agent.
Instruction Scope
The SKILL.md is explicit about spawning phase-specific subagents and reading/writing four project files (DISCOVERY.md, PRD.md, EXPERIMENT.md, GTM.md). That is consistent with its purpose. Note: the instructions give subagents latitude to ask questions and 'challenge assumptions' (expected for a PM workflow), and they read/write files in the project root — if the agent has broader workspace access in your environment it could potentially read other files, but the skill itself only references the listed files.
Install Mechanism
No install spec and no code files are included (instruction-only). This is lowest-risk for installation because nothing will be downloaded or written by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths. That aligns with the described functionality (document drafting and structured PM workflows).
Persistence & Privilege
always:false (no forced inclusion). disable-model-invocation:false (agent may invoke autonomously) — this is the platform default and appropriate for an interactive workflow agent. The skill does not request persistent system-wide privileges or modify other skills.
Assessment
This skill appears coherent and safe in structure, but review the following before installing: (1) The agent will create and read the four project files in the workspace root — avoid running it in a directory that contains sensitive or unrelated files. (2) Don't paste secrets, API keys, or proprietary data into problem statements or supporting documents the agent will read. (3) The skill spawns subagents and chooses internal models (Sonnet/Haiku); verify those model names map to your environment's expected models and policies. (4) Because autonomous invocation is allowed by default, run an initial dry-run with non-sensitive inputs and confirm outputs and prompts behave as expected before granting broader access. (5) The skill's content promises 'evidence-based' personas and market estimates — those will be generated by the model and can be fabricated; always validate critical claims with real data.Like a lobster shell, security has layers — review code before you run it.
latestvk970a6vfbt1xg09681etehgpm98387bg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.