Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (AI workflow: clarify → plan → execute → review) align with the provided code files (clarify.js, plan.js, execute.js, review.js) and examples. The code implements the described stages and does not require unrelated capabilities.
Instruction Scope
SKILL.md stays within the stated workflow and gives no instructions to read system files or call external endpoints. Implementation is local and uses console logging. One operational note: executePlan calls each task.execute() — the skill will run whatever function or action is supplied as a task. Ensure any integration does not pass untrusted or privileged operations as task.execute() to avoid abuse.
Install Mechanism
No install spec (instruction-only skill) and no downloads or package installs. Files are static JS modules; nothing is written to disk by an installer. Low install-related risk.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the code does not read environment variables or secret files. Requested privileges are proportional to its purpose.
Persistence & Privilege
always:false (no forced always-on). The skill does not modify other skills or global agent settings and does not request permanent presence or elevated privileges.
Assessment
This skill appears coherent and low-risk: it implements a local workflow framework (clarify → plan → execute → review), does not request secrets, and contains no network or shell calls. Before installing, verify the source (no homepage provided and README references a placeholder GitHub account) and the author identity (metadata ownerId in the registry differs from _meta.json ownerId). Also review how you'll integrate it: the execute stage will call task.execute() — make sure the agent or callers cannot supply untrusted code or privileged operations as tasks. If you plan to run it in production, test it in a sandboxed environment first and audit any modifications you or your agent make when wiring it into your assistant.Like a lobster shell, security has layers — review code before you run it.
latestvk97fy23326nn72va1z93387n7983sgt8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.