ClawHub

Coding Pipeline

v1.0.0

Enforces a disciplined 4-phase pipeline for non-trivial coding tasks: Plan (hypothesis) → Code (one fix) → Validate (root cause) → Debug (max 3 tries, escala...

0· 0·0 current·0 all-time
by@brasco05
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (enforce a 4‑phase coding pipeline) match the included materials: SKILL.md, templates, checklists, examples, and small helper scripts. Nothing in the repo requests unrelated capabilities (no cloud creds, no network download/install steps).
Instruction Scope
The SKILL.md instructs agents to write hypotheses, run builds/tests, and record Phase 4 attempt logs in a local .pipeline-state/ directory. Those actions are appropriate to a pipeline skill, but they do involve writing local state to the workspace and running developer build/test commands — expected for this purpose. There are no instructions to read secrets, call external endpoints, or exfiltrate data.
Install Mechanism
There is no remote install/download; the skill is instruction-first with optional local installation into an OpenClaw workspace. Package.json has no dependencies, and the included shell scripts are small and local-only. No high-risk download/extract steps are present.
Credentials
The skill declares no required environment variables, no credentials, and no config paths beyond creating a local .pipeline-state/ directory. That level of access is proportionate to the stated functionality.
Persistence & Privilege
OpenClaw integration recommends workspace injection so SKILL.md is loaded at session start; that makes the pipeline guidance present across sessions (intentional for this skill). The scripts create/write .pipeline-state/ in the workspace — a benign persistent artifact but one you should be aware of. The skill does not set always: true, does not require elevated privileges, and does not modify other skills' configs.
Assessment
This skill appears coherent and aligned with its stated goal. Before installing: 1) Review the included scripts (scripts/activator.sh and scripts/phase-check.sh) if you want to ensure no automated execution in your environment; they are local helpers that create/modify .pipeline-state/. 2) If you do not want the pipeline text injected into every OpenClaw session, avoid installing into a shared workspace (install per‑project instead). 3) The skill recommends creating .pipeline-state/ and adding it to .gitignore — consider doing so to avoid committing local state. 4) Note the skill suggests handoffs to other skills (systematic-debugging, self-improving-agent) but does not automatically invoke remote services or require credentials. Overall this looks like a productivity discipline pack rather than a security risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk9738kd74h0pm1czb6vj3c0en184nd1q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments