TASD
v1.0.0
Design, analyze, or document products where AI agents are the primary operator. Use this skill whenever the user asks to design a SaaS, API, platform, or too...
by Sors @rare-sors
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent-native product design) matches the content: SKILL.md, README, and examples are all design guidance. The skill declares no binaries, env vars, or installs — which is reasonable for a documentation/design helper.
Instruction Scope
The SKILL.md prescribes how service authors should structure skill bundles, including explicit guidance on install curl commands, credential storage paths (e.g., ~/.config/<service>/credentials.json or env var), and sample registration flows. This is within scope for a design skill, but it explicitly encourages concrete credential storage patterns and copy-paste install commands — practices that could lead to insecure deployments if followed blindly.
Install Mechanism
No install spec or code files are present; the skill is instruction-only. That minimizes filesystem/execution risk.
Credentials
The skill requests no environment variables or secrets. However, it instructs authors to document credential locations and example auth flows (including env var usage) in SKILL.md files; this is expected for a design guide but could encourage designs that rely on storing secrets in plain files or env vars unless the designer adds secure alternatives.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify agent/system configs. Autonomous invocation is allowed by platform default but is not combined with any risky privileges here.
Assessment
This skill is a coherent, instruction-only design guide and does not ask for credentials or install code — overall low risk. Before using its copy-paste examples in production: (1) avoid storing API keys in plaintext files or unprotected env vars; prefer secret managers and rotated tokens; (2) do not blindly execute curl/install commands from unknown URLs without reviewing the target; (3) when producing a Skill Spec for a real service, include clear security controls (token scopes, rotation, human approval gates) rather than the minimal examples; (4) if you allow agents to act autonomously with services built from these specs, enforce human-in-the-loop approval for sensitive actions. If you want a deeper audit, provide any real SKILL.md you intend to publish (the actual URLs, install commands, and auth flows) and I can point out specific insecure patterns.
Like a lobster shell, security has layers — review code before you run it.
