ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GStack Dev Workflow

v1.0.0

Structured development workflow inspired by Garry Tan's gstack. Use when the user wants to build a feature, start a project, do a code review, or ship code w...

0· 75·0 current·0 all-time
byJahonn Ding@jahonn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: it's a 6-phase dev workflow that reads/writes DESIGN.md and PLAN.md, spawns role-based subagents, runs build/test/review/ship steps. No requested env vars or binaries are declared, which is plausible for an instruction-only workflow, but the instructions assume access to git, test runners (npm/pytest), and a 'browser' tool that may not be present.
!
Instruction Scope
The SKILL.md instructs the agent to run repository-changing actions (implement code, commit per milestone, auto-fix, run git pull/rebase, push, open PRs), to execute tests (npm/pytest), and to open the app in a real browser and click through flows. These actions can read/write project files, interact with remote services, and modify source control. While coherent with the stated purpose, they grant the agent broad write-and-network capabilities and should only be allowed with explicit user consent and appropriate safeguards.
Install Mechanism
Instruction-only skill with no install spec or code files. This is low-risk from an install perspective — nothing is downloaded or written at install time.
!
Credentials
The skill declares no required credentials, yet the Ship/Review/Test phases imply use of remote git operations, opening PRs, and potentially interacting with external services (CI, hosting, browsers). These operations typically rely on stored credentials (git config, SSH keys, GH_TOKEN, etc.). The absence of declared env vars or explicit instructions for obtaining credentials reduces transparency and could lead to unexpected use of developer credentials already present in the environment.
Persistence & Privilege
always:false (normal). The skill is authorized to run autonomously by default (disable-model-invocation:false), spawn subagents, write files to project root, auto-commit, and (per instructions) push to remotes. These are legitimate for a dev workflow but have meaningful side effects — users should confirm whether the agent may perform network pushes or should be limited to local/dry-run operation.
What to consider before installing
Before installing or invoking this skill, consider the following: - This skill will create and modify files (DESIGN.md, PLAN.md, code, tests), make commits, and may push branches and open PRs against your remote repositories. If you don't want automated pushes, restrict the skill to read-only or require manual approval before pushing. - The SKILL.md expects tools and credentials (git, npm/pytest, a browser automation tool, and access to git remotes). The skill does not declare required environment variables for remote auth; it may therefore use any existing credentials configured on the host. Ensure your local git credentials, tokens, or SSH keys are appropriate or run the skill in a sandboxed environment. - Because the skill can auto-fix code and commit changes, review outputs (diffs) before merging or shipping. Configure the agent to request explicit user confirmation for write/push operations if possible. - If you will let it run browser automation, be aware that it can interact with external web UIs and may submit real data; run that step against a development/staging instance when testing. - Recommended mitigations: run the skill on a disposable clone, disable automatic pushing (require manual PR creation), restrict network access or use least-privilege tokens, and review the included prompts and any generated commits before merging. If you want a safer posture, ask the skill to run in 'plan-only' or 'review-only' mode (no commits/pushes) or request an explicit confirmation step before any network or push action.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e4dwtv00j931qdcjtzfsfwx839wsk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments