Piv
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may change source code and run tests, builds, or other validation commands in the project you point it at.
The executor is explicitly allowed to edit project files and execute commands, which is expected for this development workflow but can have high impact in the selected repository.
Use the available tools (read, write, edit, exec) to implement changes and run commands
Use it in a trusted repository, keep version control clean before running, and review PRPs and validation commands before allowing broad implementation work.
A repository's local instruction files or PRPs could steer the agent's coding choices and command selection.
The skill tells agents to follow repository-level instruction files. That is common for coding agents, but those files can influence behavior if the repository is untrusted or contains unsafe instructions.
Global rules: Follow any project-level configuration files (CLAUDE.md, AGENTS.md, .cursorrules, etc.)
Inspect project instruction files and PRPs first, especially when working with third-party or newly cloned repositories.
Project details and generated plans may be shared between the orchestrator and spawned sub-agents during the workflow.
The workflow intentionally passes project paths, PRD/PRP content, and execution summaries among sub-agent sessions; this is disclosed and central to the skill, but users should understand that project context is shared across agent sessions.
Use the `sessions_spawn` tool to create fresh sub-agent sessions. Each spawn is non-blocking — you'll receive results via an announce step.
Avoid running the workflow on projects containing secrets or private data unless you are comfortable with that context being used by the involved agent sessions.
Generated planning documents can shape future code changes if reused across phases.
The workflow creates and later relies on persistent planning and PRP files inside the project. This is appropriate for a phased development process, but stale or tampered planning files could affect later implementation.
Save to: {PROJECT_PATH}/PRPs/planning/{PRD_NAME}-phase-{N}-analysis.md
Review generated PRDs, PRPs, and planning files before continuing to later implementation phases.
