Spec Writer
v1.0.0
Generate structured implementation spec documents for coding projects or features. Use when a user provides a requirement, feature idea, bug description, or...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the instructions: generating structured implementation specs. The runtime instructions only ask for project context (package.json, README, architecture docs, CI config, etc.) and external references when provided — all of which are reasonable for producing a useful spec.
Instruction Scope
The instructions authorize the agent to 'collect information from available sources' and to read project files and docs if accessible, then save SPEC.md in the project. This is appropriate for a spec generator, but broad phrasing could let an agent scan more of the workspace than strictly necessary. It does not instruct reading unrelated system files or exfiltrating data, but you should confirm scope (limit to project directory) before allowing autonomous runs.
Install Mechanism
No install spec and no code files are provided. Being instruction-only means nothing is written to disk by the skill itself beyond the spec it is asked to create at runtime.
Credentials
The skill requests no environment variables, credentials, or config paths. It mentions fetching GitHub issue details only 'if referenced' — fetching private issues would require credentials, but the skill does not declare or request any tokens itself.
Persistence & Privilege
always:false and no requests to modify other skills or global agent settings. The skill instructs saving a SPEC.md in the project (expected behavior) and does not demand permanent presence or elevated privileges.
Assessment
This skill appears coherent and limited to its stated purpose, but review a few operational points before enabling it:
1) Confirm the agent is only allowed to read the intended project directory — the SKILL.md phrase 'collect information from available sources' is broad and could permit scanning unrelated files if not constrained.
2) If you expect the skill to fetch private GitHub issues, provide explicit tokens or paste the issue content yourself — the skill doesn't request credentials, so automatic fetching of private resources won't work unless the agent/platform already has access.
3) Review any generated SPEC.md before handing it to coding agents to ensure it contains no sensitive snippets copied from the repo.
4) If you allow autonomous invocation, consider limiting its workspace/network permissions so the agent can only access the repo and services you intend.
Like a lobster shell, security has layers — review code before you run it.
