Php Full Stack Developer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: php-full-stack-developer Version: 0.1.0 The skill bundle is designed to enforce a rigorous, governance-backed workflow for an AI agent performing PHP full-stack development. All instructions, including those in `SKILL.md` and `INFO_RUNTIME.md`, guide the agent towards safe, structured, and transparent operations, emphasizing pre-flight analysis, risk assessment, stop-work conditions, and explicit logging of decisions and conflicts. Instructions to read files like `~/.openclaw/workspace/SOUL.md`, `~/.openclaw/workspace/USER.md`, and memory files are for the agent's internal state management and operational context, not for unauthorized data access or exfiltration. There is no evidence of malicious intent, data exfiltration, unauthorized execution, persistence, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may help with changes that can affect production behavior, data integrity, or deployment if the user asks it to do so.
The skill can guide high-impact engineering tasks such as database migrations, deployment, CI, and API changes; this is expected for a full-stack developer skill and is mitigated by the included pre-flight, testing, rollback, and stop-work rules.
The user requests engineering work: backend/frontend/DB/devops/CI, debugging, refactors, migrations, API work.
Review proposed DB, auth, API, CI, and deployment changes carefully, and require explicit test, rollout, and rollback steps before applying high-impact work.
Information stored in workspace memory may influence future agent behavior and may be reused across related tasks.
The skill tells the agent to load persistent workspace memory and profile files, which can improve continuity but may expose sensitive context or carry stale/poisoned instructions across sessions.
On boot, open these workspace files and read in this order ... ~/.openclaw/workspace/SOUL.md ... USER.md ... memory/YYYY-MM-DD.md ... MEMORY.md
Keep secrets, credentials, and unnecessary personal data out of these memory files, and periodically review or prune stored project memory.
If the user approves delegation, task context may be shared with another agent workflow.
The skill allows delegation to another agent, but it frames this as a required question to the user rather than automatic background behavior.
Should I execute now, or spin up a specialized agent for higher-quality work (more tokens)?
Before approving a specialized agent, confirm what context will be shared and avoid including secrets or sensitive data unless necessary.