ClawHub

Spec To Checklist

v1.0.0

把 PRD、接口文档或需求规格拆成验收、联调、测试和上线清单。;use for spec, checklist, acceptance workflows;do not use for 替代真实测试执行, 伪造通过结果.

0· 104·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (convert PRD/interface docs to checklists) match the included assets: SKILL.md, resources/spec.json, resources/template.md, examples, and a local Python script (scripts/run.py) that generates structured reports. Requiring only python3 is proportionate.
Instruction Scope
SKILL.md stays within scope (produce reviewable drafts and checklists, prefer listing '待确认项' rather than inventing facts). The runtime instructions reference running the included script or falling back to the template/json; both are consistent. Note: the script can operate in several modes (structured_brief, directory_audit, csv_audit, pattern_audit, skill_audit) and will recursively read text files under any directory you point it at. That is coherent for directory-audit use cases but means you should not point it at sensitive system directories or pass it untrusted root paths without review.
Install Mechanism
No install spec; instruction-only plus a local Python script. There are no downloads or external install steps. This is low-risk and proportionate to the stated functionality.
Credentials
No environment variables, credentials, or config paths are requested. The script reads files you pass as input; it does not attempt network access or request keys. The lack of secret/credential requirements matches the skill's purpose.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills or system-wide agent settings. It may write an output file when you request that via --output, which is expected behavior.
Assessment
This skill appears to do what it says: convert spec text into checklists and audit local directories when asked. Before running the included script: (1) do not point it at sensitive directories (e.g., /, your home, or directories with secrets) unless you want those files read; (2) review scripts/run.py if you plan to run it in directory-audit or pattern-audit mode to confirm the files it will open; (3) prefer using --dry-run or supplying a limited input file rather than a large directory; (4) avoid giving the skill network-accessible paths or credentials (it does not request any, and that is intentional); (5) if you need stronger isolation, run it in a sandbox/container. Overall the bundle is coherent and low-risk, but exercise normal caution about which local paths you supply as input.

Like a lobster shell, security has layers — review code before you run it.

latestvk970se3hv858qmrfw88afcdsh9838zsn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments