头脑超级风暴1
v1.0.0在任何创造性工作之前必须使用 - 创建功能、构建组件、添加新功能或修改行为。通过协作对话探索用户意图、需求和设计。
⭐ 0· 74·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description describe a collaborative brainstorming/design helper and the SKILL.md implements that. However the instructions include producing a docs file and committing it to git — a capability consistent with the purpose but not declared in the skill metadata (no required binaries or envs listed).
Instruction Scope
Runtime instructions tell the agent to "view current project status (files, documentation, recent commits)" and to write design docs to docs/plans/YYYY-MM-DD-<topic>-design.md and commit them. These are within the stated purpose but involve reading repository files and performing file I/O and git operations; the skill does not explicitly limit or describe how those accesses occur.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer and no external download is required.
Credentials
The skill declares no environment variables or credentials. In practice, committing/pushing changes will require repository access and possibly git credentials (SSH key, token) provided by the agent environment. The skill does not request or document those credentials.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill recommends and requires other sub-skills but does not request persistent elevated privileges or modify other skills' configurations.
Assessment
This skill is coherent for brainstorming and design work, but it expects the agent to read project files and create/commit design documents. Before installing: (1) confirm whether your agent/environment will grant it repository read/write/push access and whether commits will be automatic or require approval; (2) decide if you want the skill to be allowed to read the repo contents (it could see sensitive code or docs); (3) verify the sub-skill core-writing-plans (and any recommended sub-skills) so you understand their behavior; (4) if you prefer, restrict the skill to a sandboxed workspace or require manual confirmation before any git commit/push. If you need more assurance, ask the publisher for explicit details about how it performs file and git operations and whether it will ever contact external endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk97dc70zk7cwf0etmyx7x8drph83w1sb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.