gsd
v1.0.0Get Shit Done - Full project planning and execution workflow. Handles project initialization with deep context gathering, automated research, roadmap creation, phase planning, and execution with verification.
⭐ 3· 645·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (end-to-end project planning & execution) matches what the SKILL.md actually does: deep questioning, research, roadmap/phase management, plan execution, verification, debugging, design flows, and spawning helper subagents. The file reads/writes, git commits/tags, and web research calls align with that purpose.
Instruction Scope
The instructions contain many concrete shell steps that read and write project files (.planning/*, package.json, code files), spawn subagents (sessions_spawn / Task), run git operations (commit, tag), and can delete files (example: rm .planning/REQUIREMENTS.md). All of these are in-scope for a project execution tool, but they are high-impact actions: they can modify or remove repository files and persist debug sessions. Pay attention to automatic commit behavior (COMMIT_PLANNING_DOCS) and any actions that run without an explicit confirmation step.
Install Mechanism
Instruction-only skill with no install spec or downloaded binaries — nothing is written by an installer. All behavior is described in SKILL.md and operates on the user's repo and platform-provided facilities. This is the lowest install risk category.
Credentials
The skill requests no environment variables or external credentials in its metadata. It does rely on repository-local files (git, package manifests, project code) and platform tools (WebFetch/WebSearch, sessions_spawn, Context7 MCP). Those dependences are proportional to research, mapping, and codebase analysis duties. There are no unrelated credential requests in the skill metadata.
Persistence & Privilege
always:false (normal). The skill spawns autonomous subagents (sessions_spawn / Task) and often sets cleanup="keep", persisting debug/session files under .planning/debug. It also performs git commits and tags. Autonomous subagents with kept sessions increase blast radius if misused, but this behavior is coherent with a multi-agent project orchestration workflow.
Assessment
This skill appears internally consistent with a project-management/execution tool, but it performs high-impact repo operations and spawns autonomous subagents. Before installing or running it: 1) Review .planning/config.json (the COMMIT_PLANNING_DOCS flag) and consider disabling automatic commits until you're comfortable. 2) Run it first in a throwaway or non-production repository to observe behaviors (it will create .planning/, commit files, tag, and may rm files). 3) Be mindful of the skill's use of WebFetch/WebSearch and Context7 (these may send project context externally for research). 4) Note that debug and subagent sessions persist under .planning/debug (cleanup="keep"); if you don't want persistent subagents, avoid flows that spawn them or check platform controls for subagent lifecycle. 5) If you need stricter control, ensure the agent runs with limited filesystem permissions or in an isolated environment and review any commits/tags before pushing to remotes.Like a lobster shell, security has layers — review code before you run it.
latestvk97fsygv9k4mq2v89fqa7bp6qd813e45
License
MIT-0
Free to use, modify, and redistribute. No attribution required.