SDD Writing Plans
v1.0.0 Use before writing code when there is a specification or a requirement that involves a multi-step task. Generates an executable spec-plan.md from spec-design.md.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to generate spec-plan.md from spec-design.md and all declared requirements and instructions (reading workspace config, locating spec-design.md, scanning project files for context, writing spec-plan.md) are consistent with that purpose. It requests no unrelated credentials, binaries, or external installs.
Instruction Scope
Instructions require reading .sdd-workspace and scanning files under {workspace}/spec/ and related source files to derive plans and validation commands. This is coherent for generating an executable plan, but it does mean the skill needs read access to the project workspace (source/spec files). It does not instruct the agent to exfiltrate data or call external endpoints itself — it only mandates that generated checks be CLI/curl/script commands.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install profile. Nothing is downloaded or written by an installer beyond the eventual spec-plan.md output described in the workflow.
Credentials
The skill declares no environment variables, credentials, or config paths beyond the workspace config file (.sdd-workspace) and standard repo paths. The workspace/file access requested is proportional to producing a project execution plan.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or to modify other skills or system-wide settings. It writes a single artifact (spec-plan.md) into the same directory as the spec-design.md after user confirmation, which matches its stated behavior.
Assessment
This skill appears internally consistent: it needs read access to your project workspace (it reads .sdd-workspace and scans files under {workspace}/spec/) and will produce a spec-plan.md next to the chosen spec-design.md after you confirm. It does not request credentials or install code. Before installing, confirm you are comfortable granting the agent read access to the project's spec and source files; also be aware the generated checks may include curl/CLI commands that reference your environment (placeholders like TOKEN are allowed, but the skill itself does not fill or use secrets). If you want stricter limits, only invoke the skill on a copy of the repo or a workspace containing only the spec files you want it to read.
latestvk97drkmm318eys9v5enjk0ax2s8324dn
