PIV - Plan Implement Validate
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: piv Version: 1.1.0 This skill bundle is classified as suspicious due to its extensive use of high-risk capabilities, including arbitrary shell command execution, broad file system access, and network interaction via web search and `gh` CLI. While these capabilities are plausibly needed for a software development workflow agent, they present a significant attack surface. Specifically, `SKILL.md`, `prp_base.md`, `execute-prp.md`, `generate-prp.md`, `piv-debugger.md`, `piv-executor.md`, and `piv-validator.md` instruct the agent to run various project-defined commands (e.g., build, test, lint) and interact with GitHub via `gh` CLI, which could be leveraged for malicious purposes if the agent processes untrusted input (e.g., a malicious PRP or project configuration).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can change code and run local commands as part of implementing a PRP.
The executor role is explicitly allowed to edit project files and execute commands. This is expected for a software implementation workflow, but it is high-impact if run in the wrong repository or against an unsafe PRP.
Use the available tools (read, write, edit, exec) to implement changes and run commands
Run it only in the intended project directory, review PRPs before execution, and monitor or approve command execution where your agent platform allows.
Project test/build commands may run code on your machine.
The skill directs agents to run validation commands from the PRP/project. Running tests, builds, and linters is normal for this purpose, but those commands can execute arbitrary project code if the repository or PRP is untrusted.
Execute the level validation system from the PRP: Level 1... Level 2... Level 3... Level 4... Each level must pass before proceeding
Use trusted repositories or sandbox the environment before letting the skill run validation commands.
A repository’s own instruction files or generated planning documents can influence what the agent does later.
The workflow encourages future agents to treat project-level instruction files and generated PRPs as context. This is common for coding workflows, but malicious or stale repo instructions could steer agent behavior if the project is untrusted.
Global rules: Follow any project-level configuration files (CLAUDE.md, AGENTS.md, .cursorrules, etc.)
Review CLAUDE.md, AGENTS.md, .cursorrules, PRPs, and planning files before execution, especially in third-party repositories.
Multiple agent sessions may work on the project during one workflow run.
The skill uses sub-agent sessions for research, execution, validation, and debugging. This is disclosed and central to the skill’s purpose, and the instructions say to wait for results rather than leave hidden agents running.
Use the `sessions_spawn` tool to create fresh sub-agent sessions. Each spawn is non-blocking — you'll receive results via an announce step. Wait for each agent's results before proceeding
Use this skill when you want multi-agent orchestration, and keep phase ranges/debug loops bounded for large or sensitive projects.