ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Brainstorming

v0.1.0

You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requi...

0· 161·0 current·0 all-time
by@liuhe12
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (brainstorming + visual companion) match the included files: a small local Node HTTP/WebSocket server, helper client script, and UI template. However the runtime expects Node and performs git commits and file writes to the project (docs/superpowers/specs/...), yet the skill declares no required binaries or environment — an omission that should be clarified.
!
Instruction Scope
SKILL.md instructs the agent to 'check files, docs, recent commits', write spec files into docs/superpowers/specs/YYYY-... and commit them, start a local server, watch a session directory, and read/write a .events file. Those actions involve scanning repository history, reading project files, writing files, and performing commits — all beyond a purely conversational helper and require explicit user consent and appropriate environment safeguards.
Install Mechanism
There is no install spec (instruction-only), which limits automatic installation risk. But the bundle includes executable scripts that run node server.cjs and shell scripts that background processes; Node.js and a shell are implicit runtime requirements that are not declared. That mismatch is worth noting.
!
Credentials
The skill requests no env vars, yet the scripts read/process env vars (BRAINSTORM_DIR, BRAINSTORM_HOST, BRAINSTORM_URL_HOST, BRAINSTORM_OWNER_PID) and will create files under /tmp or under the project (.superpowers/brainstorm/). It also expects to be able to commit to the repo (git) and to access recent commits. File-system write/read and repo commit privileges are significant and are not called out in the declared requirements.
!
Persistence & Privilege
The skill launches a background HTTP/WebSocket server that serves files from a session directory and can be configured to bind non-loopback interfaces (0.0.0.0). That introduces a network-exposure risk (serving project files or mockups to the network). 'always' is false, but since the agent can invoke the skill autonomously, it could start/stop the server during a session — ensure this is acceptable and that the server is run in a safe environment.
What to consider before installing
This skill is functionally coherent with a brainstorming + visual companion workflow, but it runs a local Node-based server, writes files into your project, and expects to create/commit spec files. Before installing or running: 1) Confirm you trust the skill owner and review the included scripts (server.cjs, start/stop scripts, helper.js, frame-template). 2) Ensure Node.js and a shell are available and that you want an AI to write files and run commits in your repo (it will write to docs/superpowers/specs/ and may run git). 3) Prefer using --project-dir so files are placed under a controlled path, add .superpowers/ to .gitignore, and run the server in an isolated environment (container or VM) if you are worried about network exposure. 4) If you must run it on a remote/container host, avoid binding to 0.0.0.0 unless you intend to expose the UI; prefer localhost. 5) If you need a more conservative install, ask the skill author to declare required binaries (node, git), document exactly what is committed, and provide an opt-in confirmation step before any commits or server starts.

Like a lobster shell, security has layers — review code before you run it.

latestvk9771w95ram3259xh0fpzkhwjh8374hb
161downloads
0stars
1versions
Updated 2h ago
v0.1.0
MIT-0
@liuhe12
latest
Download

Brainstorming Ideas Into Designs

Help turn ideas into fully formed designs and specs through natural collaborative dialogue.

Start by understanding the current project context, then ask questions one at a time to refine the idea. Once you understand what you're building, present the design and get user approval.

<HARD-GATE> Do NOT invoke any implementation skill, write any code, scaffold any project, or take any implementation action until you have presented a design and the user has approved it. This applies to EVERY project regardless of perceived simplicity. </HARD-GATE>

Anti-Pattern: "This Is Too Simple To Need A Design"

Every project goes through this process. A todo list, a single-function utility, a config change — all of them. "Simple" projects are where unexamined assumptions cause the most wasted work. The design can be short (a few sentences for truly simple projects), but you MUST present it and get approval.

Checklist

You MUST create a task for each of these items and complete them in order:

  1. Explore project context — check files, docs, recent commits
  2. Offer visual companion (if topic will involve visual questions) — this is its own message, not combined with a clarifying question. See the Visual Companion section below.
  3. Ask clarifying questions — one at a time, understand purpose/constraints/success criteria
  4. Propose 2-3 approaches — with trade-offs and your recommendation
  5. Present design — in sections scaled to their complexity, get user approval after each section
  6. Write design doc — save to docs/superpowers/specs/YYYY-MM-DD-<topic>-design.md and commit
  7. Spec review loop — dispatch spec-document-reviewer subagent with precisely crafted review context (never your session history); fix issues and re-dispatch until approved (max 3 iterations, then surface to human)
  8. User reviews written spec — ask user to review the spec file before proceeding
  9. Transition to implementation — invoke writing-plans skill to create implementation plan

Process Flow

digraph brainstorming {
    "Explore project context" [shape=box];
    "Visual questions ahead?" [shape=diamond];
    "Offer Visual Companion\n(own message, no other content)" [shape=box];
    "Ask clarifying questions" [shape=box];
    "Propose 2-3 approaches" [shape=box];
    "Present design sections" [shape=box];
    "User approves design?" [shape=diamond];
    "Write design doc" [shape=box];
    "Spec review loop" [shape=box];
    "Spec review passed?" [shape=diamond];
    "User reviews spec?" [shape=diamond];
    "Invoke writing-plans skill" [shape=doublecircle];

    "Explore project context" -> "Visual questions ahead?";
    "Visual questions ahead?" -> "Offer Visual Companion\n(own message, no other content)" [label="yes"];
    "Visual questions ahead?" -> "Ask clarifying questions" [label="no"];
    "Offer Visual Companion\n(own message, no other content)" -> "Ask clarifying questions";
    "Ask clarifying questions" -> "Propose 2-3 approaches";
    "Propose 2-3 approaches" -> "Present design sections";
    "Present design sections" -> "User approves design?";
    "User approves design?" -> "Present design sections" [label="no, revise"];
    "User approves design?" -> "Write design doc" [label="yes"];
    "Write design doc" -> "Spec review loop";
    "Spec review loop" -> "Spec review passed?";
    "Spec review passed?" -> "Spec review loop" [label="issues found,\nfix and re-dispatch"];
    "Spec review passed?" -> "User reviews spec?" [label="approved"];
    "User reviews spec?" -> "Write design doc" [label="changes requested"];
    "User reviews spec?" -> "Invoke writing-plans skill" [label="approved"];
}

The terminal state is invoking writing-plans. Do NOT invoke frontend-design, mcp-builder, or any other implementation skill. The ONLY skill you invoke after brainstorming is writing-plans.

The Process

Understanding the idea:

  • Check out the current project state first (files, docs, recent commits)
  • Before asking detailed questions, assess scope: if the request describes multiple independent subsystems (e.g., "build a platform with chat, file storage, billing, and analytics"), flag this immediately. Don't spend questions refining details of a project that needs to be decomposed first.
  • If the project is too large for a single spec, help the user decompose into sub-projects: what are the independent pieces, how do they relate, what order should they be built? Then brainstorm the first sub-project through the normal design flow. Each sub-project gets its own spec → plan → implementation cycle.
  • For appropriately-scoped projects, ask questions one at a time to refine the idea
  • Prefer multiple choice questions when possible, but open-ended is fine too
  • Only one question per message - if a topic needs more exploration, break it into multiple questions
  • Focus on understanding: purpose, constraints, success criteria

Exploring approaches:

  • Propose 2-3 different approaches with trade-offs
  • Present options conversationally with your recommendation and reasoning
  • Lead with your recommended option and explain why

Presenting the design:

  • Once you believe you understand what you're building, present the design
  • Scale each section to its complexity: a few sentences if straightforward, up to 200-300 words if nuanced
  • Ask after each section whether it looks right so far
  • Cover: architecture, components, data flow, error handling, testing
  • Be ready to go back and clarify if something doesn't make sense

Design for isolation and clarity:

  • Break the system into smaller units that each have one clear purpose, communicate through well-defined interfaces, and can be understood and tested independently
  • For each unit, you should be able to answer: what does it do, how do you use it, and what does it depend on?
  • Can someone understand what a unit does without reading its internals? Can you change the internals without breaking consumers? If not, the boundaries need work.
  • Smaller, well-bounded units are also easier for you to work with - you reason better about code you can hold in context at once, and your edits are more reliable when files are focused. When a file grows large, that's often a signal that it's doing too much.

Working in existing codebases:

  • Explore the current structure before proposing changes. Follow existing patterns.
  • Where existing code has problems that affect the work (e.g., a file that's grown too large, unclear boundaries, tangled responsibilities), include targeted improvements as part of the design - the way a good developer improves code they're working in.
  • Don't propose unrelated refactoring. Stay focused on what serves the current goal.

After the Design

Documentation:

  • Write the validated design (spec) to docs/superpowers/specs/YYYY-MM-DD-<topic>-design.md
    • (User preferences for spec location override this default)
  • Use elements-of-style:writing-clearly-and-concisely skill if available
  • Commit the design document to git

Spec Review Loop: After writing the spec document:

  1. Dispatch spec-document-reviewer subagent (see spec-document-reviewer-prompt.md)
  2. If Issues Found: fix, re-dispatch, repeat until Approved
  3. If loop exceeds 3 iterations, surface to human for guidance

User Review Gate: After the spec review loop passes, ask the user to review the written spec before proceeding:

"Spec written and committed to <path>. Please review it and let me know if you want to make any changes before we start writing out the implementation plan."

Wait for the user's response. If they request changes, make them and re-run the spec review loop. Only proceed once the user approves.

Implementation:

  • Invoke the writing-plans skill to create a detailed implementation plan
  • Do NOT invoke any other skill. writing-plans is the next step.

Key Principles

  • One question at a time - Don't overwhelm with multiple questions
  • Multiple choice preferred - Easier to answer than open-ended when possible
  • YAGNI ruthlessly - Remove unnecessary features from all designs
  • Explore alternatives - Always propose 2-3 approaches before settling
  • Incremental validation - Present design, get approval before moving on
  • Be flexible - Go back and clarify when something doesn't make sense

Visual Companion

A browser-based companion for showing mockups, diagrams, and visual options during brainstorming. Available as a tool — not a mode. Accepting the companion means it's available for questions that benefit from visual treatment; it does NOT mean every question goes through the browser.

Offering the companion: When you anticipate that upcoming questions will involve visual content (mockups, layouts, diagrams), offer it once for consent:

"Some of what we're working on might be easier to explain if I can show it to you in a web browser. I can put together mockups, diagrams, comparisons, and other visuals as we go. This feature is still new and can be token-intensive. Want to try it? (Requires opening a local URL)"

This offer MUST be its own message. Do not combine it with clarifying questions, context summaries, or any other content. The message should contain ONLY the offer above and nothing else. Wait for the user's response before continuing. If they decline, proceed with text-only brainstorming.

Per-question decision: Even after the user accepts, decide FOR EACH QUESTION whether to use the browser or the terminal. The test: would the user understand this better by seeing it than reading it?

  • Use the browser for content that IS visual — mockups, wireframes, layout comparisons, architecture diagrams, side-by-side visual designs
  • Use the terminal for content that is text — requirements questions, conceptual choices, tradeoff lists, A/B/C/D text options, scope decisions

A question about a UI topic is not automatically a visual question. "What does personality mean in this context?" is a conceptual question — use the terminal. "Which wizard layout works better?" is a visual question — use the browser.

If they agree to the companion, read the detailed guide before proceeding: skills/brainstorming/visual-companion.md

Comments

Loading comments...