ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

6skill

v1.0.0

Create and manage Product Requirements Documents (PRDs) with structured user stories, acceptance criteria, and task prioritization for feature development.

0· 120·0 current·0 all-time
by@zhao202404

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhao202404/excel-skill01.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "6skill" (zhao202404/excel-skill01) from ClawHub.
Skill page: https://clawhub.ai/zhao202404/excel-skill01
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install excel-skill01

ClawHub CLI

Package manager switcher

npx clawhub@latest install excel-skill01
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (create/manage PRDs and structured user stories) align with the provided templates, prd.json format, progress tracking, and agent-run workflows. All declared requirements (no env vars, no binaries) match the instruction-only package.
!
Instruction Scope
The SKILL.md and references instruct agents to read and update repo files, create branches, run checks, commit code, and—critically—show an unattended agentic loop example that repeatedly invokes an agent with the flag `--dangerously-skip-permissions`. That flag explicitly recommends bypassing permission controls and the infinite loop pattern can lead to unattended, repeated changes to a codebase. Recommending permission bypasses and always-on agentic loops is outside the narrow 'PRD authoring' need and is a risky instruction.
Install Mechanism
No install spec and no code files (instruction-only). Nothing will be written or downloaded by the skill itself during install. Low install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. It operates on local repo files (prd.json, progress.txt) which is proportionate to a PRD/agent workflow.
Persistence & Privilege
Skill metadata does not request always-on presence. However, the included agentic loop templates encourage running autonomous agents that repeatedly modify the repository. Autonomous invocation of agents is allowed by platform defaults; the risk here stems from the provided instructions (unattended loop + permission bypass) rather than skill metadata.
What to consider before installing
This skill is coherent for creating PRDs and providing agent-run templates, but it includes a dangerous example: an unattended loop that runs an agent with `--dangerously-skip-permissions`. Before installing or using: (1) Do not run the unattended agentic loop unless you fully trust and sandbox the agent; prefer human-in-the-loop operation. (2) Never use flags or settings that bypass permission checks. (3) Review any generated commits and CI/test outputs before merging. (4) Run agents in isolated clones or worktrees and back up your repo. If the author can clarify why permission bypass is recommended or provide safer agent invocation patterns, the risk would be reduced.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f1am185egtb1sfkfaccfmdd83mbdd
120downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@zhao202404
latest
Download

PRD Skill

Create and manage Product Requirements Documents (PRDs) for feature planning.

What is a PRD?

A PRD (Product Requirements Document) is a structured specification that:

  1. Breaks a feature into small, independent user stories
  2. Defines verifiable acceptance criteria for each story
  3. Orders tasks by dependency (schema → backend → UI)

Quick Start

  1. Create/edit agents/prd.json in the project
  2. Define user stories with acceptance criteria
  3. Track progress by updating passes: falsetrue

prd.json Format

{
  "project": "MyApp",
  "branchName": "ralph/feature-name",
  "description": "Short description of the feature",
  "userStories": [
    {
      "id": "US-001",
      "title": "Add priority field to database",
      "description": "As a developer, I need to store task priority.",
      "acceptanceCriteria": [
        "Add priority column: 'high' | 'medium' | 'low'",
        "Generate and run migration",
        "Typecheck passes"
      ],
      "priority": 1,
      "passes": false,
      "notes": ""
    }
  ]
}

Field Descriptions

FieldDescription
projectProject name for context
branchNameGit branch for this feature (prefix with ralph/)
descriptionOne-line feature summary
userStoriesList of stories to complete
userStories[].idUnique identifier (US-001, US-002)
userStories[].titleShort descriptive title
userStories[].description"As a [user], I want [feature] so that [benefit]"
userStories[].acceptanceCriteriaVerifiable checklist items
userStories[].priorityExecution order (1 = first)
userStories[].passesCompletion status (falsetrue when done)
userStories[].notesRuntime notes added by agent

Story Sizing

Each story should be completable in one context window.

✅ Right-sized:

  • Add a database column and migration
  • Add a UI component to an existing page
  • Update a server action with new logic
  • Add a filter dropdown to a list

❌ Too large (split these):

  • "Build the entire dashboard" → Split into: schema, queries, UI, filters
  • "Add authentication" → Split into: schema, middleware, login UI, session

Story Ordering

Stories execute in priority order. Earlier stories must NOT depend on later ones.

Correct order:

  1. Schema/database changes (migrations)
  2. Server actions / backend logic
  3. UI components that use the backend
  4. Dashboard/summary views

Acceptance Criteria

Must be verifiable, not vague.

✅ Good:

  • "Add status column to tasks table with default 'pending'"
  • "Filter dropdown has options: All, Active, Completed"
  • "Typecheck passes"

❌ Bad:

  • "Works correctly"
  • "User can do X easily"

Always include: "Typecheck passes"

Progress Tracking

Update passes: true when a story is complete. Use notes field for runtime observations:

"notes": "Used IF NOT EXISTS for migrations"

Quick Reference

ActionCommand
Create PRDSave to agents/prd.json
Check status`cat prd.json
View incomplete`jq '.userStories[]

Resources

See references/ for detailed documentation:

  • agent-usage.md - How AI agents execute PRDs (Claude Code, OpenCode, etc.)
  • workflows.md - Sequential workflow patterns
  • output-patterns.md - Templates and examples

Comments

Loading comments...