Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Write A Prd

v0.1.3

Create a PRD through user interview, codebase exploration, and module design, then submit as a GitHub issue. Use when user wants to write a PRD, create a pro...

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill's stated purpose includes 'explore the repo' and 'submit as a GitHub issue', but the skill metadata requests no repository access, no GitHub token, and no config paths. Submitting a GitHub issue and interacting with a repository normally requires credentials or explicit access; that requirement is missing from the declared footprint.
! Instruction Scope
SKILL.md explicitly instructs the agent to 'explore the repo to verify their assertions' and to submit the PRD as a GitHub issue. It does not specify how repo exploration should occur (local filesystem vs. API), does not limit which files or paths to read, and gives no guidance on how to authenticate to GitHub. This leaves open how the agent will obtain or use repository contents and where the PRD will be transmitted.
Install Mechanism
This is an instruction-only skill with no install spec, no downloaded code, and no binaries requested. That minimizes installation risk.
! Credentials
No environment variables, tokens, or config paths are declared, yet the runtime behavior implies the need for at least a GitHub token (or write access via some connector) and access to the repository contents. The absence of declared credentials is disproportionate to the actions expected.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not include installation steps that modify agent configuration. No privilege escalation is indicated.
What to consider before installing
This skill's instructions expect access to your codebase and the ability to create a GitHub issue, but it doesn't declare or request the credentials needed to do that. Before installing or invoking it, confirm: (1) how the agent will access your repository (is the repo already mounted/visible to the agent?), (2) whether you'll need to provide a GitHub token — if so, supply a minimal-scope token (repo:issues or equivalent) rather than a full personal access token, (3) avoid sharing secrets or broad-scoped tokens; prefer manual posting of the final PRD if you don't want to grant API access, and (4) ask the skill author to update the metadata/SKILL.md to explicitly state required auth, scopes, and which repository paths the skill will read. These steps reduce the risk of unintended exposure of repository data or over-permissive credentials.

Like a lobster shell, security has layers — review code before you run it.

331 downloads
0 stars
4 versions
Updated 2h ago
MIT-0

This skill will be invoked when the user wants to create a PRD. You may skip steps if you don't consider them necessary.

  1. Ask the user for a long, detailed description of the problem they want to solve and any potential ideas for solutions.

  2. Explore the repo to verify their assertions and understand the current state of the codebase.

  3. Interview the user relentlessly about every aspect of this plan until you reach a shared understanding. Walk down each branch of the design tree, resolving dependencies between decisions one-by-one.

  4. Sketch out the major modules you will need to build or modify to complete the implementation. Actively look for opportunities to extract deep modules that can be tested in isolation.

     A deep module (as opposed to a shallow module) is one which encapsulates a lot of functionality in a simple, testable interface which rarely changes.

     Check with the user that these modules match their expectations. Check with the user which modules they want tests written for.

  5. Once you have a complete understanding of the problem and solution, use the template below to write the PRD. The PRD should be submitted as a GitHub issue.
<prd-template>

Problem Statement

The problem that the user is facing, from the user's perspective.

Solution

The solution to the problem, from the user's perspective.

User Stories

A LONG, numbered list of user stories. Each user story should be in the format of:

  1. As an <actor>, I want a <feature>, so that <benefit>
<user-story-example>
  1. As a mobile bank customer, I want to see balance on my accounts, so that I can make better informed decisions about my spending
</user-story-example>

This list of user stories should be extremely extensive and cover all aspects of the feature.

Implementation Decisions

A list of implementation decisions that were made. This can include:

  • The modules that will be built/modified
  • The interfaces of those modules that will be modified
  • Technical clarifications from the developer
  • Architectural decisions
  • Schema changes
  • API contracts
  • Specific interactions

Do NOT include specific file paths or code snippets. They may end up being outdated very quickly.

Testing Decisions

A list of testing decisions that were made. Include:

  • A description of what makes a good test (only test external behavior, not implementation details)
  • Which modules will be tested
  • Prior art for the tests (i.e. similar types of tests in the codebase)

Out of Scope

A description of the things that are out of scope for this PRD.

Further Notes

Any further notes about the feature.

</prd-template>
