AI-DLC
v1.1.0AI-Driven Development Life Cycle (AI-DLC) adaptive workflow for software development. Use when: starting a new project, new feature, bug fix, refactoring, mi...
⭐ 0· 97·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (AI-Driven Development Life Cycle) matches the instructions: workspace detection, requirements, design, code generation, build/test and lots of file creation under aidlc-docs/. The skill asks the agent to read code and workspace artifacts and to create state, audit and question files — behavior that is expected for a development lifecycle assistant.
Instruction Scope
SKILL.md is prescriptive and broad: it mandates reading many reference files bundled with the skill and also mandates scanning/reading the user's workspace and all relevant artifacts (including 'all code files' during code stages). It enforces file-based question/answer flow (never ask in chat) and requires recording all user input verbatim to aidlc-docs/audit.md. These are coherent with an audit-focused dev workflow but give the agent broad discretion over what files to read and what content to persist.
Install Mechanism
No install spec and no code files to run; this is an instruction-only skill. That minimizes installation risk because nothing will be downloaded or executed by the installer.
Credentials
The skill requests no environment variables or external credentials (appropriate), but it explicitly instructs reading the entire workspace and writing audit/state files. That behavior is proportionate for a codebase analysis tool, yet it presents a privacy/secret-exposure risk: any secrets or credentials present in the workspace or pasted by users will be recorded verbatim into audit.md and other artifacts. The skill does not request or justify access to unrelated external credentials, which is good.
Persistence & Privilege
The skill does not request 'always: true' and has no install-time persistence. It does instruct creating and updating workspace files (aidlc-docs/, aidlc-state.md, audit.md) which is normal for a development assistant and limited to the project workspace rather than system-wide configuration.
Assessment
This skill is internally consistent with a development workflow assistant, but it will read your repository and persist user input and artifacts to aidlc-docs/ (including audit.md) verbatim. Before installing or running: (1) ensure the workspace you grant it access to does not contain secrets, credentials, or sensitive data you don't want recorded; (2) be aware that the skill enforces 'never ask in chat' and records all user answers into files — review those files if you need to redact sensitive content; (3) if you plan to run this on production or large repos, try it first on a safe, trimmed copy to verify behavior; (4) confirm how your agent runtime enforces file access boundaries and whether the skill can read outside intended project paths; and (5) if you rely on external SubAgents or integrations mentioned in docs (e.g., 'SubAgent'), verify what other components will consume the generated state files.Like a lobster shell, security has layers — review code before you run it.
ai-methodologyvk9741rfcpjfs5h4m1zs372ckr183qk9fdev-workflowvk9741rfcpjfs5h4m1zs372ckr183qk9flatestvk970j4see57z843hq57aw71emn83x6e8software-developmentvk9741rfcpjfs5h4m1zs372ckr183qk9f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.