office-hours
v1.0.0YC式产品思维办公室。用第一性原理拆解产品想法,通过六问逼问法验证需求真伪, 挑战前提假设,生成多种实现方案。输出设计文档而非代码。 Use when: 用户说"帮我想想这个点子"、"这个值不值得做"、"brainstorm"、 "产品规划"、"需求分析"、"帮我理清思路",或描述一个新的产品/功能想法时。 在任...
⭐ 1· 398·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and the SKILL.md all describe a conversational product-design workflow (questions, templates, design-doc output). The skill declares no binaries, env vars, or installs — all of which is proportional and expected for a purely instructional product-advice assistant.
Instruction Scope
Runtime instructions keep scope to asking questions, challenging assumptions, and producing design documents (explicit rule: do not write code). The doc suggests asking about a user's repo only to 'quickly understand project background' but does not instruct the agent to read local files or fetch secrets. Recommend the skill be explicit that it should only use repo links the user provides and must not attempt to access private systems automatically.
Install Mechanism
No install spec or code files are present; this is the lowest-risk form (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths. There is no request for unrelated secrets or system access, which is proportionate to its stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system presence or cross-skill configuration changes. Autonomous invocation is allowed by platform default but the skill does not request elevated privileges.
Assessment
This skill is an instruction-only design-helper and appears coherent with its stated purpose. Before installing: be aware that autonomous invocation is allowed by default on the platform (normal), so review responses the first few times to confirm it follows the 'no code' rule. If you intend to share a code repository or private materials during a session, only provide links you control and do not give access tokens or credentials — the skill's instructions do not request automatic file/system access, but you should avoid pasting secrets into the chat. If you want extra safety, ask the skill to explicitly confirm it will not open or fetch private repos or run commands.Like a lobster shell, security has layers — review code before you run it.
latestvk971p3me6axsj4yzbn5cd9kcc983az9s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.