Fully Automated Collaborative Code Development Pipeline
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: auto-collaboration-dev-pipeline Version: 1.0.1 The skill implements a comprehensive multi-agent software development pipeline (Requirements, Architecture, Dev, QA, Review, Docs) using OpenClaw's session spawning capabilities. The logic is strictly focused on automating the software development lifecycle within a project workspace, and the instructions in SKILL.md and the reference templates are consistent with this purpose. No evidence of data exfiltration, malicious execution, or unauthorized system access was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may proceed through the whole development pipeline without pausing to confirm intermediate choices.
The skill changes the agent’s interaction pattern by suppressing mid-process confirmations. This is disclosed and central to the workflow, but users should understand the automation level.
Fully automated advancement; do not ask the user for confirmation. Report a progress summary after each phase is completed.
Use it when you want hands-off code generation; if you need checkpoints, explicitly ask the agent to confirm before writing or changing files.
Generated files may be created in the workspace and could conflict with existing project files if names overlap.
The workflow authorizes file creation for generated code and documentation. This is expected for a development pipeline and scoped to a project directory, but it can still affect local workspace contents.
Each phase's output is written into the `{workspace}/<project-name>/` directory. All code files are organized under this directory.Run it in a new or clearly named project directory, and request overwrite confirmation if working inside an existing project.
Any code, requirements, or project details provided to the workflow may be shared across its sub-agent prompts.
The skill passes project context, generated code, and reports between spawned sub-agents. This is required for the stated multi-agent workflow, and the artifacts specify one-shot execution and cleanup.
Each phase's sub-agent receives the complete output of the previous phase... All sub-agents are invoked using `sessions_spawn`
Avoid including secrets in requirements or code input, and review generated artifacts before using them in sensitive projects.
Hidden or unusual characters could obscure what a skill says, although no harmful hidden instruction is evident in the provided artifacts.
The supplied scan context reports Unicode control characters. The visible content appears coherent and benign, but unusual hidden formatting can make review harder.
Pre-scan injection signals: unicode-control-chars
If installing, prefer reviewing the raw Markdown source or a normalized copy before trusting the workflow.