ClawHub

pm-requirement-flow

v1.2.0

PM 工作流。需求澄清 → 派发 → 验收。Yi 平时派需求给 Claude Code 开发的流程,已经跑通了,记录下来方便复用。依赖 claude-code-dispatch。

0· 66·1 current·1 all-time
by王易@yiguoguo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (PM workflow → dispatch to Claude Code) matches the instructions: the skill documents how to clarify requirements, write a SPEC, and invoke a local claude-code-dispatch script to hand off work. Requiring the dispatch dependency is expected for this purpose.
Instruction Scope
All runtime instructions are contained in SKILL.md and remain within the stated purpose. The skill explicitly tells the agent to run a local script (~/.openclaw/.../dispatch.sh), background it, and write logs to /tmp. It also recommends auditing that script. Notably, the recommended command includes --permission-mode bypassPermissions which disables interactive confirmations — expected for CI-style dispatch but increases the risk that tasks run without further checks.
Install Mechanism
No install spec or third-party downloads are present; the SKILL.md suggests running 'clawdhub install claude-code-dispatch' (an expected dependency management step). No arbitrary URLs or archive extraction are used by this skill.
Credentials
The skill requests no environment variables, no credentials, and no config paths. All file references are to a local dependency script and a user-specified project workdir, which is proportional to the described dispatch behavior.
Persistence & Privilege
always is false and there are no install-time operations or requests to modify other skills or global agent settings. The skill relies on standard agent invocation behavior; it does not request persistent elevated privileges.
Assessment
This skill appears coherent for documenting and automating a PM→dispatch workflow, but you MUST inspect and trust the dependent script before using it. Steps to consider before installing/using: (1) open and review ~/.openclaw/workspace/skills/claude-code-dispatch/scripts/dispatch.sh to confirm its behavior; (2) avoid or remove --permission-mode bypassPermissions if you want human confirmation before code runs; (3) ensure the --workdir value is limited to the intended project path and not left unspecified; (4) consider whether you want the agent to be able to invoke this skill autonomously — if not, disable autonomous invocation (disable-model-invocation) or require manual triggers. If you cannot review the dispatch script or trust its source, do not run it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eprhpmtdrm7qz5kvbaa96r584qn8jpmvk97eprhpmtdrm7qz5kvbaa96r584qn8jproduct-managementvk97eprhpmtdrm7qz5kvbaa96r584qn8jworkflowvk97eprhpmtdrm7qz5kvbaa96r584qn8j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis

Comments