OpenSpec
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: openspec
Version: 1.0.0
The skill bundle instructs the AI agent to install a global npm package (`npm install -g @fission-ai/openspec@latest`) as part of its setup in `SKILL.md`. While this action is plausibly needed for the stated purpose of using the OpenSpec CLI tool, installing global packages from external registries introduces a supply chain risk. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence, but the instruction to install external code globally without further scrutiny falls under 'risky capabilities without clear malicious intent'.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The CLI behavior can change when the npm package updates, and the package runs with the user's normal local permissions when used.
The skill directs users to install an external npm CLI globally using `@latest`; this is central to the stated purpose, but it is an unpinned external dependency.
npm install -g @fission-ai/openspec@latest
Install only if you trust the OpenSpec npm package; consider pinning a specific version for reproducible projects.
When invoked, the agent may change local project files and OpenSpec records as part of the requested development process.
The agent workflow includes writing project artifacts, implementing tasks, and archiving with confirmation bypass. This is expected for a development workflow, but it mutates repository state.
Then write the artifact file to `openspec/changes/<name>/`. ... **Implement** tasks from `tasks.md`. ... `openspec archive <name> --yes`
Use version control and review generated tasks, implementation changes, and archive actions before accepting them in important projects.
Repository OpenSpec files may shape what the agent writes or prioritizes during planning and implementation.
Project-local schemas, templates, and config can inject instructions into artifact generation. This is part of the design, but those stored instructions can influence the agent if they come from an untrusted repository.
`instruction` | AI instructions injected when creating the artifact ... Context and rules from `config.yaml` are injected alongside templates when generating artifacts.
Review OpenSpec schemas, templates, and config before relying on them in untrusted or newly cloned projects.
The project may retain Claude/OpenSpec integration files after setup, affecting later agent sessions in that project.
Setup can create persistent Claude integration files in the project. This is disclosed and aligned with the skill's purpose, but it changes future project-level agent behavior.
openspec init --tools claude ... `.claude/skills/` # Auto-generated Claude integration
Review generated `.claude/skills/` files and remove them if you do not want persistent project-level integration.
