Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BMad Method

v1.0.2

Use BMad (Breakthrough Method of Agile AI Driven Development) framework for AI-driven development. Use for: architecture analysis, sprint planning, story gen...

0· 642·2 current·2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (BMad Method for AI-driven development) match the skill content: it orchestrates agent workflows, reads project files, and depends on a coding-agent/Claude Code runtime. Requiring Claude Code and a local claude binary is consistent with the described capabilities.
Instruction Scope
SKILL.md tells the agent to run an external npm installer (npx bmad-method install), scan and read the project codebase, and automatically interact with interactive prompts via process actions. Critically, it recommends using flags like --dangerously-skip-permissions or --permission-mode bypassPermissions and automating 'submit' responses to prompts. Those instructions expand the agent's authority (automatic approvals, suppressed permission checks) beyond typical 'read-and-suggest' duties and could allow unattended code execution or make it easier for malicious install scripts to run without intervention.
Install Mechanism
The skill itself is instruction-only (no install spec), but it explicitly instructs users/agents to run 'npx bmad-method install' which downloads and extracts code from npm into your project directory. Using npm (npx) is a common distribution mechanism and plausible here, but it performs arbitrary code installation in the caller's filesystem — review of the npm package and its install scripts is necessary before running. The SKILL.md warns to review the package, which is good, but the installer step is high-impact and outside the platform's control.
Credentials
The skill does not request environment variables or credentials in the registry metadata, which is proportionate. However, the SKILL.md recommends bypassing Claude Code permission prompts and auto-approving interactive install prompts; that effectively reduces runtime checks and could allow network access or credential use by installed code without expected oversight. No explicit env/credential demands were found in the files, but the installer could introduce such requirements after being run.
Persistence & Privilege
always:false and no declared config paths mean this skill does not demand platform-level persistence. However, the installer will create persistent project artifacts (/_bmad, _bmad-output, _bmad/_config etc.) and supports .customize.yaml files that can define 'critical_actions' and persistent 'memories' for agents. Those artifacts provide persistent behavior in a project repository and can cause agents to run custom startup actions — review any generated customization files to prevent unexpected persistent automation.
What to consider before installing
This skill appears to do what it claims (a local AI-driven development framework), but it requires you to run an external npm installer and its documentation explicitly recommends suppressing permission prompts and automating prompt replies — both risky. Before installing or running the recommended commands:

- Inspect the npm package before running npx: check the package repository, package.json, and any install/postinstall scripts for unexpected actions.
- Avoid using flags that skip permission checks (for example, --dangerously-skip-permissions or bypassPermissions). Those bypass the runtime's safety mechanisms and make it easier for installer code to execute sensitive actions without explicit consent.
- Do the initial install and eval in an isolated environment (throwaway repo, container, or VM) so you can audit created files (_bmad, _bmad-output) before integrating them into real projects.
- Monitor any interactive prompts rather than auto-submitting 'yes' blindly. The SKILL.md's examples encourage auto-approval for convenience, but automatic approvals can inadvertently accept harmful operations (e.g., running arbitrary scripts, overwriting files, or pushing code).
- Audit generated customization files (.customize.yaml) and any 'critical_actions' before allowing them to run persistently — these can make agents perform actions automatically on startup.
- If you don't trust the npm package or the claude binary, do not install. If you need to proceed, ask for the package repository URL or package contents and have someone with npm security experience review install scripts and network behavior first.

If you want, I can: (a) list concrete checks to run on the npm package.json and typical install scripts, (b) suggest an isolated container/VM install command template, or (c) scan any provided package.json or postinstall scripts for red flags.

Like a lobster shell, security has layers — review code before you run it.

Tags: agile, architecture, bmad, claude-code, coding-agent, development, latest, sprint-planning, stories, workflow
