ClawHub

feature-modification-workflow

v1.0.0

Structured workflow to analyze, plan, and execute feature modifications by scenario complexity, ensuring controlled, incremental, and risk-aware changes.

0· 63·1 current·1 all-time
byliancheng@liancheng-zcy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (feature modification workflow) align with the SKILL.md: the instructions focus on analyzing code, proposing plans, and making controlled changes. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
The SKILL.md explicitly directs the agent to read project structure and 'full source of all included files' for complex scenarios. That breadth is coherent for deep feature work, but it grants the agent wide read access to the repository (which may contain secrets or sensitive data). The instructions do not ask for unrelated system files, environment variables, or external endpoints beyond standard documentation review.
Install Mechanism
No install specification or code files are included; this is instruction-only so nothing will be written to disk or downloaded during install.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to an analysis-and-edit workflow that runs inside the agent.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (the platform default). There is no request to modify other skills or system-wide settings.
Assessment
This skill is coherent and appears to do what it says: analyze code and follow a staged workflow for changes. Before installing or running it: (1) confirm the skill source (homepage is unknown) — prefer skills from known publishers; (2) be aware it instructs the agent to read the entire repository for complex tasks, so avoid running it on repos with unredacted secrets or PII; (3) require explicit, human confirmation before the agent performs changes or pushes commits (the SKILL.md recommends this for complex work); and (4) monitor audit logs or diffs for any unexpected file reads or network activity. If you need stronger guarantees, ask the skill author for provenance or a minimal-scope version that only reads specified files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fenhze10bdaw60sp1we4jcx83wpgz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments