Firm Saas Pack

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the recommended add-ons could grant additional capabilities not contained in this skill.

Why it was flagged

The skill recommends user-run commands that install additional skills using the latest package version, expanding the reviewed behavior beyond this instruction-only bundle.

Skill content

npx clawhub@latest install azure-devops
...
npx clawhub@latest install auto-pr-merger
...
npx clawhub@latest install firm-orchestration

Recommendation

Review each recommended skill separately before installing it, and prefer pinned or trusted versions where possible.

What this means

If connected to real repositories or project tools, these workflows could create or change work items or pull request outputs.

Why it was flagged

The recommended companion workflows can affect development systems such as PRs, Jira, or documentation if the user chooses to install and use them.

Skill content

npx clawhub@latest install auto-pr-merger           # Automated PR workflow
npx clawhub@latest install firm-delivery-export     # Output → PR / Jira / doc

Recommendation

Use these companion tools only with clear review/approval steps for repository, Jira, or documentation changes.

What this means

Information shared with one agent session may be used or viewed in related orchestration sessions.

Why it was flagged

The skill declares session messaging, spawning, and history access, which are expected for a multi-agent firm orchestration bundle but involve cross-session communication boundaries.

Skill content

tools:
  - sessions_send
  - sessions_spawn
  - sessions_history

Recommendation

Avoid sharing unnecessary secrets or customer-identifying data in multi-agent sessions, and verify which sessions or agents are involved before use.

What this means

Company strategy, sprint plans, or churn-analysis context could persist in the shared workspace and influence later tasks.

Why it was flagged

The configuration overlay points both the main agent and default agents at a shared workspace, which can retain task context and outputs across SaaS planning workflows.

Skill content

"workspace": "~/.openclaw/workspace/saas-firm"

Recommendation

Keep the workspace scoped to the intended company/project and periodically review or clean stored outputs containing sensitive business or customer information.