ClawHub

gstack Office Hours

v1.0.0

Use six forcing questions in two modes—startup diagnostic and builder brainstorm—to thoroughly assess and shape new product ideas before any coding begins.

0· 20·0 current·0 all-time
byGarry Tan@garrytan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (product diagnostic / office hours) match the instructions. The skill requires no binaries, env vars, or installs and does not ask for unrelated privileges—its requests (read project docs, git log, search code) are coherent with producing a tailored design document.
Instruction Scope
SKILL.md explicitly tells the agent to read the workspace, project docs, check git log, and search the codebase to gather context — this is reasonable for a design review but means the agent will inspect repository files and history. It also includes a clear 'HARD GATE' forbidding code generation or implementation actions, which narrows scope if followed.
Install Mechanism
No install spec and no code files — lowest-risk model. Nothing will be downloaded or written by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. The only data it asks to access is workspace/project files and git history, which is proportionate to producing a contextual design doc.
Persistence & Privilege
always:false (not force-included). disable-model-invocation is false (agent may invoke autonomously), which is the platform default and acceptable here given the skill's limited scope and lack of credentials.
Assessment
This skill is an instruction-only 'office hours' facilitator and appears coherent with its stated purpose. Before installing, confirm that you are comfortable with the agent reading your repository files and git history (the SKILL.md explicitly asks it to do so). There are no installs or credentials required, but note the skill's source/homepage is unknown — if you care about provenance, you may want to vet the owner or avoid installing from an unknown author. Also remember the HARD GATE is an instruction (the skill says 'do NOT write code'), but it is up to the agent runtime to enforce that; if your agent environment can run other skills or has file-write rights, avoid exposing sensitive files or secrets in the workspace. If you want maximum safety, run sessions with a sanitized copy of the repo or restrict the agent's filesystem access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dd30tkwk8rvsf7pz1801rf18499mw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments