Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Chief Feature Workflow
v1.0.2Create and implement new features in Chief-managed projects using the Chief CLI. Use when asked to create a new PRD, implement a feature with Chief, set up a...
⭐ 1· 391·0 current·0 all-time
byLuiz Gustavo Nogara@nogara
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description describe creating and implementing features using the Chief CLI and all runtime instructions are about running chief, creating worktrees, committing PRD/progress files, and opening PRs. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
The SKILL.md instructs the agent to run the Chief CLI (chief new / chief <prd-name>), spawn subagents to run long-lived interactive sessions (PTY), press keys/approve prompts, run verification commands (make test, pnpm typecheck), commit/push and open PRs. This is within the stated purpose, but it implies the agent (and the Chief/Claude Code service) will read and send repository content and test outputs to the AI backend — a potential data-exposure consideration that is expected for this workflow.
Install Mechanism
No install spec or code files are included (instruction-only). Nothing is downloaded or written by the skill itself, so there is no installation risk introduced by the skill bundle.
Credentials
The skill declares no required env vars, credentials, or config paths. The workflow assumes local tools (git, gh, chief) and existing repository/remotes are available; those are proportionate to the described tasks. Note: creating/pushing PRs requires Git/GitHub credentials already present in the environment, but the skill does not request or attempt to access them explicitly.
Persistence & Privilege
always:false and default autonomous invocation are used; the skill does not request permanent presence or modify other skills. The recommendation to spawn subagents allows long-running autonomous work, which increases operational reach but is consistent with the described feature-implementation workflow.
Assessment
This skill is coherent for automating Chief-based feature work, but review these practical points before installing: (1) Chief runs Claude Code and will observe repository contents and test outputs — do not use it on repos with secrets or sensitive data unless you accept that exposure. (2) The workflow expects git/gh credentials already configured; opening PRs will use those credentials and publish branches to your remote. (3) Spawning autonomous subagents can run long-lived processes and consume API/model credits — start with a small test PR in a safe repo or fork to confirm behavior. (4) If you don't already trust chiefloop.com / the Chief project, review their code/docs and run the CLI locally first. If you want more assurance, ask the publisher for a canonical homepage/repository link and verify the Chief CLI release sources before giving the skill network or repo-level access.Like a lobster shell, security has layers — review code before you run it.
ai-devvk97bdq6xe1vw6vevkdpd0eh7b981yjhdchiefvk97bdq6xe1vw6vevkdpd0eh7b981yjhdfeaturevk97bdq6xe1vw6vevkdpd0eh7b981yjhdgitvk97bdq6xe1vw6vevkdpd0eh7b981yjhdlatestvk970f95t5pbgrj6bg9p0df28r181ynr1prdvk97bdq6xe1vw6vevkdpd0eh7b981yjhdworkflowvk97bdq6xe1vw6vevkdpd0eh7b981yjhd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.