DevTeam Command
v1.2.0
Runs a full Dev Team pipeline from planning to release for any coding task, producing plans, code, tests, fixes, and release notes.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (run a Planner→PM→Coder→Tester→Fixer→Reporter pipeline) matches the code: spawnDevTeam spawns labeled subagents and waits for them. The pipeline, timeouts, and outputs described are represented in code.
Instruction Scope
SKILL.md shows how to call spawnDevTeam and lists CLI usage and output files. The code implements spawn functions that call platform APIs (sessions_spawn, subagents) and polls for completion. However: getAgentOutput() is a stub that always returns null (so BUGS.md retrieval is not implemented), and the README-style CLI examples (e.g. /devteam) are not backed by any install or binary. The skill will spawn subagents that run for long timeouts — those subagents will receive the task text and can perform arbitrary work within the platform.
Install Mechanism
No install spec; instruction-only plus a single TypeScript file. Nothing is downloaded or written to disk by an installer — lowest install risk.
Credentials
The skill requests no environment variables or credentials. It does reference explicit model names (e.g., 'bailian/qwen3-coder-plus', 'bailian/kimi-k2.5') which may imply use of external model providers or platform model routing; no credentials or config for those providers are declared. This is not necessarily malicious but is an implementation ambiguity you should verify (does your platform have access to these models?).
Persistence & Privilege
always is false and the skill does not request to alter other skills or persist configuration. It spawns subagents (normal behavior for a pipeline skill) but does not request elevated platform privileges in the code.
Assessment
This skill appears to do what it says (spawn a multi-agent DevTeam pipeline) and does not request credentials or install anything. Before installing or using it:
1) Test on non-sensitive tasks — the skill spawns subagents that will receive your task text and could send that content to whatever models the platform routes to.
2) Confirm your platform has access to the listed models (the code references 'bailian/...' models) or update the model names to ones you trust.
3) Be aware getAgentOutput is a stub (returns null), so automatic retrieval of BUGS.md is not implemented; outputs may not be written to docs/ unless your platform's subagents do so.
4) If you plan to run private or proprietary tasks, avoid passing secrets in taskDescription since subagents will process the text.
If you need higher assurance, ask the author for a complete implementation and clarity on model/provider usage before enabling on production agents.
Like a lobster shell, security has layers — review code before you run it.
