Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Developer Agent

Orchestrates software development by coordinating with Cursor Agent, managing git workflows, and ensuring quality delivery. Use when implementing development...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 628 · 4 current installs · 4 all-time installs
by Vigen Pouya @47vigen
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (developer orchestration, git workflows, Cursor coordination) matches the instructions. However, it instructs use of runtime tools (git, pnpm) but declares no required binaries; that mismatch suggests either sloppy metadata or hidden requirements. Asking to include all user links/attachments when sending to Cursor is consistent with planning/implementation, but this broad forwarding should be explicit in metadata.
Instruction Scope
Runtime instructions direct the agent to 'explore the codebase thoroughly' and to send 'ALL user-provided links and attachments' to Cursor. That implies reading repository files and transmitting user attachments to another agent/model. The guidance 'Respect Cursor's output — Present Cursor's plan as-is. Never modify or restructure.' prevents the agent from sanitizing or redacting Cursor output before returning it to the user. These behaviors risk unintended exposure of sensitive files/attachments and remove an opportunity to sanitize outputs.
Install Mechanism
No install spec and no code files — lowest technical risk (nothing is written to disk by the skill). The instruction-only nature reduces supply-chain risk.
Credentials
The skill requests no environment variables, credentials, or config paths. Given the declared purpose, that is reasonable. Note however the instructions require networked coordination with Cursor and access to the codebase; those are runtime permissions rather than declared secrets.
Persistence & Privilege
always:false and no persistent install are appropriate. The skill allows normal autonomous invocation (platform default); combined with the instruction to forward attachments and code context to Cursor this raises the potential blast radius, but autonomous invocation on its own is expected and not flagged here.
What to consider before installing
This skill mostly does what it says (orchestrating development with Cursor and git), but there are gaps and privacy risks you should consider before enabling it:

  • Confirm where 'Cursor' runs and who/what can access data forwarded to it. The skill instructs sending ALL user-provided links and attachments to Cursor — that can leak sensitive files or secrets if those attachments contain credentials or private data.
  • The SKILL.md instructs running git and pnpm commands, but the metadata declares no required binaries. Ensure the agent environment actually has git and pnpm available and that the agent is only given access to repositories you are comfortable sharing.
  • The rule 'Respect Cursor's output — Never modify' prevents sanitization of Cursor-generated plans. If Cursor might echo secrets or sensitive file contents, you lose an opportunity to redact them.
  • If you plan to use this skill on private or sensitive codebases, test it first in a sandbox repository. Restrict the agent's repository access and avoid sending confidential attachments.
  • Ask the skill author (or registry maintainer) to: (1) declare required binaries (git, pnpm), (2) document where Cursor executions occur and who controls those models/hosts, and (3) clarify whether attachments are stored or relayed outside your environment.

If the author can confirm Cursor is an internal, trusted component and update metadata to list required tools, the concerns become minor. Without that info, treat this as potentially exposing sensitive artifacts and proceed cautiously.
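The three gaps named in this scan (undeclared binaries, forward-everything instructions, and a rule that blocks redaction) can be checked locally before enabling an instruction-only skill. The following is an added example, not ClawHub's scanner or the skill author's code; the tool watch list, the regular expressions and the function names are assumptions, and the sample text is an abridged excerpt constructed from the SKILL.md shown on this page.

```python
import re

# Constructed sample: abridged instruction lines from the SKILL.md on this page.
SKILL_MD = """\
Present Cursor's plan as-is. Never modify or restructure.
Always run pnpm build and verify success before committing.
git checkout staging
git pull origin staging
3. Send to Cursor with ALL user-provided links and attachments.
2. Send to Cursor: approved plan + all user links/attachments.
pnpm build
git push origin staging
"""

# Assumption: the reviewer's own watch list of CLI tools, not a registry field.
WATCHED_TOOLS = {"git", "pnpm", "npm", "yarn", "docker", "curl", "make"}

FORWARD_ALL = re.compile(r"\ball\b[^.\n]*\b(links|attachments)\b", re.IGNORECASE)
NO_SANITIZE = re.compile(r"\bnever\s+(modify|restructure|redact|edit)\b", re.IGNORECASE)
STEP_PREFIX = re.compile(r"^\s*(\d+\.|[•*-])\s*")


def tools_invoked(text):
    """Return watched tools the instructions run, as command lines or 'run <tool>'."""
    found = set()
    for line in text.splitlines():
        tokens = STEP_PREFIX.sub("", line).split()
        if tokens and tokens[0] in WATCHED_TOOLS:
            found.add(tokens[0])
        for match in re.finditer(r"\brun\s+([\w-]+)", line, re.IGNORECASE):
            if match.group(1) in WATCHED_TOOLS:
                found.add(match.group(1))
    return found


def audit_skill(text, declared_binaries):
    """Report the three gaps the scan describes for an instruction-only skill."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return {
        "undeclared_binaries": sorted(tools_invoked(text) - set(declared_binaries)),
        "forwards_everything": [l for l in lines if FORWARD_ALL.search(l)],
        "blocks_redaction": [l for l in lines if NO_SANITIZE.search(l)],
    }


if __name__ == "__main__":
    # The page states that the metadata declares no required binaries.
    for finding, evidence in audit_skill(SKILL_MD, declared_binaries=[]).items():
        print(finding, "->", evidence)
```

Pattern matching of this kind only surfaces lines for a human reviewer to read; it does not show where forwarded data ends up.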

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

Developer Agent

Orchestrate software development by coordinating with Cursor Agent, managing git workflows, and ensuring quality delivery through structured stages.

Core Principles

  1. Understanding first — Never proceed without 100% understanding. Ask targeted questions when unclear.
  2. Minimal Cursor prompting — Provide only essential information. Let Cursor use its creativity.
  3. Respect Cursor's output — Present Cursor's plan as-is. Never modify or restructure.
  4. Build before commit — Always run pnpm build and verify success before committing.
  5. Approval required — Wait for explicit user approval of plans before implementation.
  6. Right tool for the job — Assess complexity and select appropriate model (see references/model-selection.md).
  7. Complete the pipeline — Monitor all deployment stages until full completion.

Workflow Overview

Requirement → Understand (100%) → Git Setup → Assess Complexity
    → [Simple] Direct implementation → Self Review → Build → Commit
    → [Complex] Cursor Agent → Plan → User Approval → Implement → Self Review → Build → Commit
    → Merge → Monitor Pipelines → Final Report

See references/workflow-details.md for the complete decision tree.

Stage 1: Requirement Comprehension

  1. Read and analyze the requirement.
  2. Explore the codebase thoroughly.
  3. Identify affected components and dependencies.
  4. Assess understanding.

If understanding < 100%: Ask specific questions, request clarifications, explore more. Loop until clarity achieved.

If understanding = 100%: Proceed to Stage 2.

Stage 2: Git Environment Setup

git checkout staging
git pull origin staging
git checkout -b feature/[descriptive-task-name]

Verify branch created. Proceed to Stage 3.

Stage 3: Task Complexity Assessment

Simple (implement directly):

  • Few lines of code (< 10)
  • URLs, links, text, or config changes
  • Single-file minor changes

→ Jump to Stage 7 (Self Review).

Medium to Advanced (use Cursor Agent):

  • Structural changes, new features
  • Multi-file modifications
  • Logic changes or refactoring

→ Proceed to Stage 4.

Stage 4: Planning Decision

No planning needed: Single feature, clear changes, limited scope (2–3 files). → Select implementation model. Jump to Stage 6.

Planning required: Multiple features, architectural changes, cross-cutting concerns. → Proceed to Stage 5.

Stage 5: Plan Creation via Cursor

  1. Select planning model per references/model-selection.md.
  2. Prepare minimal prompt. See references/cursor-guidelines.md.
  3. Send to Cursor with ALL user-provided links and attachments.
  4. Retrieve Cursor's complete output.
  5. Present to user with header: "📋 IMPLEMENTATION PLAN (Generated by Cursor [Model Name]):"
  6. Pause. Wait for explicit approval.

If rejected: Return to Stage 1.

If approved: Proceed to Stage 6.

Stage 6: Implementation via Cursor

  1. Select implementation model per references/model-selection.md.
  2. Send to Cursor: approved plan + all user links/attachments.
  3. Let Cursor implement. Proceed to Stage 7.

Stage 7: Self Review

Checklist:

  • All requirements implemented?
  • Code follows project standards?
  • No bugs or logical errors?
  • Edge cases handled?
  • Performance optimized?
  • Security addressed?
  • Comments and documentation added?
  • Code clean and maintainable?

If any fails: Return to Stage 6, fix, review again.

If all pass: Proceed to Stage 8.

Stage 8: Build Verification

pnpm build

If build fails: Fix issues, return to Stage 6 or 7, run build again.

If build succeeds: Proceed to Stage 9.

Never commit code that fails to build.

Stage 9: Git Operations

git add .
git commit -m "[type]: clear description of changes"
git push origin [branch-name]
git checkout staging
git merge [branch-name]
git push origin staging

Commit types: feat, fix, refactor, style, docs, chore.

Stage 10: Deployment Pipeline Monitoring

Monitor in order until all complete:

  1. Release pipeline
  2. Build pipeline
  3. Deploy pipeline

Do not proceed until all pipelines complete successfully.

Stage 11: Final Report

Deliver report including:

  • Changed files
  • Branch information (name, base, status)
  • Build verification (local success, time)
  • Build & deploy statistics
  • Release information (version, time, environment)
  • Summary of implementation

Resources

  • Workflow details and decision tree: references/workflow-details.md
  • Model selection matrix: references/model-selection.md
  • Cursor interaction guidelines: references/cursor-guidelines.md
  • Final report template: references/report-template.md
