Spec Workflow Guide
v1.5.0Use when medium-to-large changes need explicit requirements, technical design, and task planning before implementation, especially for multi-module work, unc...
⭐ 0· 123·1 current·1 all-time
byBooker Zhao@binggg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description describe a spec-and-planning workflow; the SKILL.md contains only guidance for creating requirements/design/tasks files and cross-references sibling workflow docs. There are no environment variables, binaries, or unrelated capabilities requested that would be disproportionate to a planning/requirements skill.
Instruction Scope
The runtime instructions are limited to producing spec files (requirements.md, design.md, tasks.md), asking follow-up questions, requiring confirmations, and referencing sibling docs. The instructions do not direct the agent to read unrelated local files, access credentials, or transmit data to external endpoints beyond referencing fallback URLs for sibling docs.
Install Mechanism
No install spec and no code files are present (instruction-only). Nothing is downloaded or written by an installer from arbitrary URLs, so there is minimal install risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The guidance to create files under specs/<spec_name>/ is appropriate for a spec-writing workflow and does not require additional secrets or elevated access.
Persistence & Privilege
always is false and the skill does not request persistent system-wide presence or modify other skills/configuration. It is user-invocable and uses the normal model-invocation default; this is expected and not a concern here.
Assessment
This skill appears coherent and safe: it only provides authoring guidance and asks the agent to create spec files. Before installing, consider: 1) you will want the agent to be allowed to create or modify files in your workspace (it writes specs/...), so install only where that is acceptable; 2) the SKILL.md references external fallback URLs — if your environment blocks outbound web access those links won't be reachable; 3) the skill owner is unidentified in the metadata — while the content is benign, prefer installing from known/trusted publishers or testing in a sandbox if you have any concern. Otherwise the skill matches its stated purpose and has no disproportionate permissions or installs.Like a lobster shell, security has layers — review code before you run it.
latestvk979m1370wxbx8xgpdbbc37man84xwbt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.