Mini PIV - Lightweight Feature Builder
Analysis
This is a coherent feature-building workflow, but it gives sub-agents broad code-editing and command-running authority and can stage and commit repository changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Use the available tools (read, write, edit, exec) to implement changes and run commands
The executor sub-agent is authorized to modify project files and execute commands based on the generated PRP, without a clearly bounded file scope, command allowlist, or approval gate in the artifact.
cd PROJECT_PATH && git status && git diff --stat
git add -A
git commit -m "feat(
The commit step stages all repository changes with git add -A before committing, which can include unrelated, generated, deleted, or unreviewed files.
Run syntax & style validation commands ... Execute unit test validation ... Run integration testing commands
Running validation commands is expected for a coding workflow, but project test/build/lint commands can execute local scripts or start services.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Use the `sessions_spawn` tool to create fresh sub-agent sessions. Each spawn is non-blocking — you'll receive results via an announce step.
The workflow intentionally passes project paths, discovery input, PRPs, summaries, and validation gaps among multiple spawned agents; this is purpose-aligned but expands who sees the task context.
Save to: {PROJECT_PATH}/PRPs/planning/mini-{FEATURE_NAME}-analysis.md
The skill stores codebase-derived analysis and PRP context inside the project for later use by executor and validator agents.
