ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workspace Project Standard

Project workspace setup and documentation standard for OpenClaw agents. Enforces a three-layer documentation system and self-contained project structure. Tri...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 294 · 1 current installs · 1 all-time installs
by@lnshyo
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description (project workspace & documentation standard) match the SKILL.md content: templates, directory rules, and update triggers all align with a documentation/workspace policy. The skill requests no binaries, env vars, or installs, which is proportionate for a purely procedural standard.
!
Instruction Scope
The runtime instructions tell the agent to run a scaffold script (scripts/new-project.ps1) and to create/move/modify files in the workspace root (AGENTS.md, MEMORY.md, CREDENTIALS.md, projects/*). Editing global workspace files and maintaining credential references are within scope for a workspace standard but expand the agent's write scope to system-level documents — this is notable because it can affect other workflows and may surface or restructure sensitive information.
Install Mechanism
No install spec and no code files beyond templates; nothing is written to disk by an installer. This is the lowest-risk install footprint (instruction-only).
Credentials
The skill declares no required environment variables or credentials, which is appropriate. However, templates and LINKs.md explicitly reference a CREDENTIALS.md and suggest '凭据引用' (credential references). The skill does not request secrets itself but instructs agents to document and reference credentials — review how your environment stores/limits access to CREDENTIALS.md and avoid putting raw secrets into documentation files.
Persistence & Privilege
always is false (good) and autonomous invocation is allowed (normal). The main persistence/privilege concern is that the instructions modify shared workspace root files (AGENTS.md, MEMORY.md, CREDENTIALS.md) and enforce moving files between root and project directories; this grants the skill effective write influence over global workspace state and should be constrained by agent permissions and review policies.
Assessment
This skill is a documentation/workspace policy and appears coherent, but it instructs agents to edit global workspace files and to reference credentials. Before installing: (1) review and trust any scripts it will run (scripts/new-project.ps1) — the skill will run that if present; (2) back up AGENTS.md, MEMORY.md, and CREDENTIALS.md and confirm they do not contain raw secrets you don't want agents to modify; (3) restrict the agent's file-write permissions to only the intended workspace directories if possible; (4) enforce a policy that credentials are stored only in secure secret stores (not in plain CREDENTIALS.md or LINKS.md); and (5) test the scaffold flow in an isolated environment first. If you need help checking scripts/new-project.ps1 or locking down CREDENTIALS.md handling, review those files before enabling autonomous runs.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97a6adfaqybmp1e8kt7xzvqq581yj6s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Workspace Project Standard

Enforce a self-contained project structure with three-layer documentation.

Directory Rules

DirectoryContainsNever contains
workspace/<name>/Code, scripts, configNotes, AI records
workspace/<name>/tmp/Temp files, experimentsLong-term files
workspace/projects/<name>/AI records (md only)Code, scripts
workspace/ rootSystem files onlyProject files

Principle: projects are self-contained. All output stays inside workspace/<name>/.

Starting a New Project

Run the scaffold script, then fill in the templates:

# Creates full directory structure in one command
scripts/new-project.ps1 -Name "<project-name>"

Then:

  1. Fill in projects/<name>/<name>.md using assets/project-template.md
  2. Fill in projects/<name>/LINKS.md using assets/links-template.md
  3. Add one row to MEMORY.md project table
  4. Add workspace/<name>/ to root whitelist in AGENTS.md

Three-Layer Documentation

Layer 1 — MEMORY.md (one-line summary per project)

| 🚧 | <name> | `projects/<name>/` | <description> |

Update when a major capability is added.

Layer 2 — projects/<name>/<name>.md (project master doc) Required sections: ## 当前进展 ## 关键信息 ## 关键文件路径 ## 文档归档 ## 待用户输入 ## 历史记录

Layer 3 — projects/<name>/LINKS.md (links & paths index) Required: all online URLs, local file tree, credentials reference, run parameters, common commands.

See assets/project-template.md and assets/links-template.md for fill-in templates.

Update Triggers

EventUpdate
New service / API connectedLayer 2 关键信息 + Layer 3
New file createdLayer 2 关键文件路径 + Layer 3
Major feature completeLayer 1 + Layer 2 进展 + 历史记录
Path / config changedLayer 2 + Layer 3 in sync

Workspace Root Whitelist

Only these may exist in workspace/ root:

System files: AGENTS.md SOUL.md MEMORY.md CREDENTIALS.md HEARTBEAT.md SESSION-STATE.md IDENTITY.md USER.md CODING-PERSONA.md TOOLS.md .env package.json package-lock.json

System dirs: memory/ projects/ scripts/ backups/ captures/ config-backups/ tmp/ skills/ node_modules/ .agents/ .clawhub/ .openclaw/ .pi/

Any file not on this list → move to its project's tmp/ immediately.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…