Php Full Stack Developer
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only PHP development skill is coherent and safety-oriented, with noteworthy use of persistent workspace memory and optional agent delegation that users should understand.
This skill appears safe to install if you want a governance-oriented PHP development assistant. Be aware that it may read and write OpenClaw workspace memory/log files and may ask to delegate work to a specialized agent. Do not store secrets or sensitive personal data in its logs or memory, and review any proposed database, auth, API, CI, or deployment changes before applying them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may help with changes that can affect production behavior, data integrity, or deployment if the user asks it to do so.
The skill can guide high-impact engineering tasks such as database migrations, deployment, CI, and API changes; this is expected for a full-stack developer skill and is mitigated by the included pre-flight, testing, rollback, and stop-work rules.
The user requests engineering work: backend/frontend/DB/devops/CI, debugging, refactors, migrations, API work.
Review proposed DB, auth, API, CI, and deployment changes carefully, and require explicit test, rollout, and rollback steps before applying high-impact work.
Information stored in workspace memory may influence future agent behavior and may be reused across related tasks.
The skill tells the agent to load persistent workspace memory and profile files, which can improve continuity but may expose sensitive context or carry stale/poisoned instructions across sessions.
On boot, open these workspace files and read in this order ... ~/.openclaw/workspace/SOUL.md ... USER.md ... memory/YYYY-MM-DD.md ... MEMORY.md
Keep secrets, credentials, and unnecessary personal data out of these memory files, and periodically review or prune stored project memory.
If the user approves delegation, task context may be shared with another agent workflow.
The skill allows delegation to another agent, but it frames this as a required question to the user rather than automatic background behavior.
Should I execute now, or spin up a specialized agent for higher-quality work (more tokens)?
Before approving a specialized agent, confirm what context will be shared and avoid including secrets or sensitive data unless necessary.