ClawHub

AI Tech Lead

v0.1.0

Leads AI software projects through strict research, design, planning, and implementation phases to produce secure, maintainable, and high-quality code.

0· 564·5 current·6 all-time
by@sidrtraktor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AI Tech Lead) matches the SKILL.md: it prescribes research, design, planning, and implementation phases for code work. There are no unrelated env vars, binaries, or installs requested that would contradict its purpose.
Instruction Scope
Runtime instructions focus on analyzing the codebase, producing design artifacts, and orchestrating sub-agents with hard human approval gates. The SKILL.md explicitly restricts proceeding to code without approvals. It asks for direct references to files/lines (expected for code analysis) and does not instruct reading unrelated system secrets or external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. That minimizes disk write/execution risks. There are no download URLs or package installs to evaluate.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate for an instruction-based tech-lead workflow that only needs repository context and human approvals.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request persistent system presence or modification of other skills' configs. Its hard-stop human-review rules further limit autonomous risky actions.
Assessment
This skill is internally coherent and appears to do what it says: orchestrate phased code analysis and team-like sub-agents with mandatory human approvals. However, note the source is 'unknown' and there is no homepage or publisher information—that reduces provenance. Before installing or enabling in a production agent: 1) Inspect the SKILL.md yourself (you already have it) and confirm you’re comfortable with an agent reading repository files and lines. 2) Run it first in a sandbox or on a copy of your repo so any automated agents can’t accidentally modify production code. 3) Ensure the agent is only given the repository/context it needs (principle of least privilege). 4) Require explicit human approvals as the skill intends; do not grant it blanket autonomous commit rights. If you want higher assurance, ask the publisher for provenance (who authored it, homepage, and changelog) before wide deployment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ftpwxeas09027nr2qakntd581sma0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments