Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Auto Dev
v1.0.0AI全自动化编程,Claude Code作为项目经理指挥Builder自动完成编程任务(需求对齐→指令生成→自动执行→验收→文档归档暂存)
⭐ 0· 400·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to automate development (PM + Builder). The SKILL.md requires Builders with full filesystem access and the ability to run npx/node/tsc/python, and even references a config path (~/.codex/config.toml) and settings (ask_for_approval='never', sandbox_mode='danger-full-access'). The registry metadata, however, declares no required binaries, env vars, or config paths—an incoherence: the runtime needs are not reflected in the declared requirements.
Instruction Scope
Instructions ask the agent/Builder to run arbitrary build/test/exec commands, read and write a progress file (.codex-progress.json), spawn background processes, and explicitly instruct disabling approval prompts and enabling 'danger-full-access'. The SKILL.md effectively grants broad discretion to execute arbitrary code and modify project files; it also encourages removing safety confirmations. While these actions map to 'automated dev' purpose, the instruction set goes beyond narrowly scoped automation and instructs lowering safety barriers.
Install Mechanism
There is no install spec (instruction-only), so nothing is written by an installer. However, the doc recommends installing third-party Builders via npm/pip (e.g., @openai/codex, aider-chat) and expects them to be run with full privileges. The lack of declared required binaries in metadata vs. explicit install instructions in SKILL.md is an inconsistency to note.
Credentials
Metadata requests no credentials or env vars, but the runtime asks for access to user config (~/.codex/config.toml), full filesystem permissions, and builders configured to bypass approvals. The skill asks for privileges equivalent to system-level access without declaring or justifying any credentials/environment needs—this is disproportionate and opaque.
Persistence & Privilege
The skill does not set always:true, but it instructs making persistent changes to builder config files and to write/modify project state (.codex-progress.json). Critically, it recommends disabling safety prompts (ask_for_approval='never'), which increases the agent's effective autonomy and blast radius. Those persistent safety-lowering changes are a privilege escalation relative to a normal instruction-only skill.
What to consider before installing
This skill instructs Builders to run arbitrary build/test/exec commands and explicitly recommends disabling safety/approval prompts and enabling a 'danger-full-access' sandbox—actions that let automated code run with full filesystem access. The metadata does not disclose these requirements. Before installing or using this skill:
- Do not run it on a machine that contains secrets, long‑term credentials, or important data.
- Prefer running it only inside an isolated, disposable VM or container with no network access to sensitive services.
- Do not accept or apply configs like ask_for_approval='never' or sandbox_mode='danger-full-access' unless you fully trust the Builder source; keep approval prompts enabled.
- Manually review every generated spec (specs/TASK-*.md) and run commands yourself if you are unsure; avoid 'run_in_background' and automatic background execution.
- Verify any Builder binaries come from trusted sources (official registries) and inspect their ~/.config files before use.
- If you lack ability to audit code or run in isolation, avoid installing this skill. The mismatch between declared metadata and the SKILL.md’s runtime demands is a red flag.Like a lobster shell, security has layers — review code before you run it.
latestvk977c19h9x27q5nhbhjc8rk35181vhyb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.