ClawHub

Workflow Execution

v1.0.0

Plan-first workflow for non-trivial work: plan with done criteria, create a tracking issue, package context as documents on the issue, decide where code live...

0· 34·0 current·0 all-time
by@levineam
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a plan-first workflow for non-trivial work; the SKILL.md and reference files only describe creating issues, attaching plan/design/context documents, choosing repo destinations, and spawning executing agents. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
Runtime instructions stay within the workflow's scope: create/read/update tracking issues, attach documents, spawn or message agents, and update progress. The skill tells agents to read issue bodies, comments, or local plan files (expected for a tracker-based workflow). It does not ask the agent to scan unrelated system files or exfiltrate data.
Install Mechanism
There is no install spec and no code files — lowest-risk model. Everything is instruction-only and will not drop archives or binaries on disk.
Credentials
The skill declares no required environment variables or credentials. It references use of tools/APIs (e.g., `gh` CLI, GitHub API, Paperclip API) which in practice require authentication; that is expected for this purpose, but the skill does not request or manage tokens itself.
Persistence & Privilege
always:false (default); the skill may be invoked autonomously (platform default) which is normal for an execution/handoff workflow. The skill does not request persistent agent-level privileges or modify other skills' configs.
Assessment
This skill is coherent and instruction-only, but review operational details before use: (1) The workflow expects you to use trackers and CLIs (GitHub, Paperclip, or local files); those systems will require API tokens—limit token scopes and keep them out of plan documents. (2) Do not put secrets (passwords, private keys, credentials) in issue bodies, comments, or local plan files; treat plan documents as potentially readable by project collaborators. (3) Ensure any executing agent you spawn has least privilege for repo/issue operations and review audit logs for automated actions. (4) Confirm tools the skill references (e.g., gh) are installed and authenticated in your environment; the skill itself won't install or manage those. If you need the skill to perform sensitive automation, validate agent permissions and token scopes in your CI/agent platform first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9701dm5m7k9ayf2xdc277nwh9846xrk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments