ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Code

Coding workflow with planning, implementation, verification, and testing for clean software development.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 9 · 1 current installs · 1 all-time installs
by@jpzhengcn
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (coding workflow, planning/implementation/verification) align with the skill contents: it stores user preferences under ~/code and provides planning/execution/verification guidance. However, the packaged metadata is inconsistent: registry metadata provided to you lists a different owner/version than the _meta.json and SKILL.md frontmatter. That mismatch could be an innocuous packaging error but should be verified with the publisher.
Instruction Scope
SKILL.md and the auxiliary docs constrain activity to guidance, reading included files, and reading/writing ~/code/memory.md only when the user explicitly asks. This is appropriate for a code helper. Minor ambiguity: execution.md says 'When user approves a step: 1. Execute that step' — which implies the agent may run commands in the user's project after approval. The skill also claims it 'NEVER makes network requests' and 'does NOT execute code automatically' — these are behavioral assertions the skill cannot enforce by itself; they rely on the agent following the instructions.
Install Mechanism
Instruction-only skill with no install spec and no bundled code to execute. Lowest-risk install mechanism: nothing is downloaded or written by an installer aside from optional ~/code artifacts created at first use.
Credentials
Requires no environment variables, binaries, or external credentials. Storing preferences in ~/code is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill only writes to ~/code/memory.md on explicit user request per its own rules. It does not request persistent platform privileges or system-wide configuration changes.
What to consider before installing
This skill mostly behaves like a local coding-workflow guide and is internally consistent with that purpose, but check two things before installing: 1) Verify the publisher/owner and version mismatch (_meta.json vs. registry metadata) to ensure you have the authentic package. 2) Be explicit about what the agent is permitted to do in your project: the docs permit executing approved steps in the user's project (which may run tests or build commands). If you want stricter confinement, require the agent to show exact commands and ask for approval before running them, and review the contents of ~/code/memory.md before it is created or populated.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97esrqh2k1fn5pg5jzns0x7hs83ytx9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💻 Clawdis
OSLinux · macOS · Windows

SKILL.md

When to Use

User explicitly requests code implementation. Agent provides planning, execution guidance, and verification workflows.

Architecture

User preferences stored in ~/code/ when user explicitly requests.

~/code/
  - memory.md    # User-provided preferences only

Create on first use: mkdir -p ~/code

Quick Reference

TopicFile
Memory setupmemory-template.md
Task breakdownplanning.md
Execution flowexecution.md
Verificationverification.md
Multi-task statestate.md
User criteriacriteria.md

Scope

This skill ONLY:

  • Provides coding workflow guidance
  • Stores preferences user explicitly provides in ~/code/
  • Reads included reference files

This skill NEVER:

  • Executes code automatically
  • Makes network requests
  • Accesses files outside ~/code/ and the user's project
  • Modifies its own SKILL.md or auxiliary files
  • Takes autonomous action without user awareness

Core Rules

1. Check Memory First

Read ~/code/memory.md for user's stated preferences if it exists.

2. User Controls Execution

  • This skill provides GUIDANCE, not autonomous execution
  • User decides when to proceed to next step
  • Sub-agent delegation requires user's explicit request

3. Plan Before Code

  • Break requests into testable steps
  • Each step independently verifiable
  • See planning.md for patterns

4. Verify Everything

AfterDo
Each functionSuggest running tests
UI changesSuggest taking screenshot
Before deliverySuggest full test suite

5. Store Preferences on Request

User saysAction
"Remember I prefer X"Add to memory.md
"Never do Y again"Add to memory.md Never section

Only store what user explicitly asks to save.

Workflow

Request -> Plan -> Execute -> Verify -> Deliver

Common Traps

  • Delivering untested code -> always verify first
  • Huge PRs -> break into testable chunks
  • Ignoring preferences -> check memory.md first

Self-Modification

This skill NEVER modifies its own SKILL.md or auxiliary files. User data stored only in ~/code/memory.md after explicit request.

External Endpoints

This skill makes NO network requests.

EndpointData SentPurpose
NoneNoneN/A

Security & Privacy

Data that stays local:

  • Only preferences user explicitly asks to save
  • Stored in ~/code/memory.md

Data that leaves your machine:

  • None. This skill makes no network requests.

This skill does NOT:

  • Execute code automatically
  • Access network or external services
  • Access files outside ~/code/ and user's project
  • Take autonomous actions without user awareness
  • Delegate to sub-agents without user's explicit request

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…