Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Subagent-Driven Development

v1.0.1

Use when executing implementation plans with independent tasks in the current session

MIT-0
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the instructions: the skill orchestrates a fresh subagent per task, followed by spec and quality reviews. However, the runtime behaviour implies read/write access to the repository (read plans, read and write code, run tests, commit, obtain git SHAs) and potentially external integrations (TodoWrite, 'superpowers' tools), yet the skill declares no required binaries, environment variables, or config paths. The missing permission declarations are a design omission that should be clarified.
Instruction Scope
SKILL.md instructs agents to read plan files and project files, implement code, run tests, commit, inspect code line by line, and mark tasks complete in TodoWrite, all within scope for a dev-orchestration skill. However:
(1) the prompts explicitly tell implementer subagents to paste the 'FULL TEXT' of a document instead of reading files, while the examples show reading a plan file, which is inconsistent guidance;
(2) the workflow grants broad access to repository contents, commit history, and any context passed to subagents, which can expose secrets or unrelated sensitive files if the workspace is not confined;
(3) the skill references external tools (superpowers:code-reviewer, TodoWrite, etc.) without describing where those endpoints live or what credentials they need.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low-risk from an installation/code distribution perspective because nothing is downloaded or written by an installer.
Credentials
The skill declares no required environment variables or credentials, yet its intended actions imply repository write access (git), possibly CI or test runners, and credentials for external services (TodoWrite, 'superpowers' tools). Because nothing is declared, callers may end up granting broad runtime permissions implicitly; any undeclared external connector or token is a risk, since it could be used to exfiltrate data or make changes without an explicit grant.
Persistence & Privilege
always:false and user-invocable:true — normal and appropriate. The skill does instruct autonomous dispatch of subagents, but autonomous invocation is platform-default. There is no evidence the skill attempts to modify other skills or system-wide settings.
What to consider before installing
This skill is an orchestration template for spawning implementer, spec-review, and quality-review subagents. It expects access to your repository and developer tools but does not explicitly declare those permissions. Before installing or using it:
1) Confirm what the 'superpowers' and 'TodoWrite' integrations are and whether they require tokens or network endpoints; do not grant tokens to unknown connectors.
2) Run it first in an isolated test workspace (or a sandbox) so subagents only see non-sensitive files.
3) Give the agent runtime only the minimum filesystem and git permissions it needs (least privilege), and make sure commits and other actions are audited.
4) Review the prompt templates to ensure they do not instruct subagents to leak session context or secrets; in particular, search for commands that send data to external URLs.
5) Ask the publisher to clarify the required permissions and expected external connectors; if they cannot justify the missing env/config declarations, treat the skill with extra caution.
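Steps 3 and 4 above can be partly automated. The following Python review helper is an added example and is not part of this listing or of the skill itself: it scans a SKILL.md-style text for outbound network commands and URLs, environment variables the instructions read (candidate credentials), and external tool references, then reports which environment variables the skill does not declare. The sample text is constructed for the example and is not the real SKILL.md; the regexes, the `declared_env` parameter, and the default `known_tools` list are assumptions, not anything the ClawHub scanner or the skill format defines.

```python
"""Pre-install review helper for instruction-only agent skills (added example).

Scans SKILL.md-style text for the things a skill may use without declaring:
outbound network commands and URLs, environment variables (credentials) the
instructions read, and external tool references.
"""
import re
from dataclasses import dataclass

URL_RE = re.compile(r"https?://[^\s\"'`)<>]+")
# Commands that move data off the host. The leading boundary class avoids
# matching 'nc' or 'scp' inside ordinary words; 'git commit' is local and is
# deliberately not listed, only the subcommands that talk to a remote are.
NET_CMD_RE = re.compile(
    r"(?:^|[\s`(;|&])"
    r"(curl|wget|ncat|nc|ssh|scp|rsync|git\s+(?:push|fetch|pull|clone)"
    r"|Invoke-WebRequest|Invoke-RestMethod)\b",
    re.MULTILINE,
)
# $VAR, ${VAR}, os.environ["VAR"], process.env.VAR
ENV_RE = re.compile(
    r"\$\{?([A-Z][A-Z0-9_]*)\}?"
    r"|os\.environ\[[\"']([A-Z][A-Z0-9_]*)"
    r"|process\.env\.([A-Z][A-Z0-9_]*)"
)
# Namespaced tool references such as superpowers:code-reviewer (assumed style)
TOOL_RE = re.compile(r"\b([a-z][a-z0-9-]*:[a-z][a-z0-9-]*)\b")

# Constructed sample shaped like a SKILL.md; not the real skill's text.
SAMPLE_SKILL_MD = """---
name: example-orchestrator
description: Dispatch a fresh subagent per task and review each result.
---
# Workflow
1. Read the plan with `cat docs/plan.md` and paste its FULL TEXT into the prompt.
2. Dispatch `superpowers:code-reviewer` on the resulting diff.
3. Run `npm test`, then `git commit -am "task done"` and record the SHA.
4. Mark the task complete in TodoWrite.
5. Post the summary with `curl -X POST https://example.invalid/report -d @summary.json`
   using the token in $REPORT_TOKEN.
"""


@dataclass
class Findings:
    urls: list
    network_cmds: list
    env_vars: list
    tool_refs: list
    undeclared_env: list  # env vars referenced but absent from declared_env


def _dedupe(items):
    """Drop duplicates while keeping first-seen order."""
    return list(dict.fromkeys(items))


def scan_skill_text(text, declared_env=frozenset(), known_tools=("TodoWrite",)):
    """Return Findings for one skill text.

    declared_env: env var names the skill's metadata declares (assumed to be
    supplied by the caller, since the declaration format is not shown here).
    known_tools: plain (non-namespaced) tool names to look for.
    """
    urls = _dedupe(URL_RE.findall(text))
    network_cmds = _dedupe(" ".join(m.split()) for m in NET_CMD_RE.findall(text))
    env_vars = _dedupe(
        next(g for g in m.groups() if g) for m in ENV_RE.finditer(text)
    )
    tool_refs = _dedupe(TOOL_RE.findall(text))
    for name in known_tools:
        if re.search(r"\b" + re.escape(name) + r"\b", text):
            tool_refs.append(name)
    undeclared = [v for v in env_vars if v not in set(declared_env)]
    return Findings(urls, network_cmds, env_vars, tool_refs, undeclared)


def report_lines(findings):
    """Human-readable summary, one line per category."""
    return [
        "urls: " + ", ".join(findings.urls),
        "network commands: " + ", ".join(findings.network_cmds),
        "env vars read: " + ", ".join(findings.env_vars),
        "tool references: " + ", ".join(findings.tool_refs),
        "UNDECLARED env vars: " + ", ".join(findings.undeclared_env),
    ]


if __name__ == "__main__":
    for line in report_lines(scan_skill_text(SAMPLE_SKILL_MD)):
        print(line)
```

Run it against the unpacked skill directory by reading each instruction file into `scan_skill_text`; anything that lands in `urls`, `network_cmds`, or `UNDECLARED env vars` is a question for the publisher before the skill is allowed anywhere near a workspace with real credentials. A clean result is not proof of safety (prompts can instruct a subagent to use a tool rather than a shell command), so it complements, rather than replaces, reading the templates.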


latest: vk973y1zvj3etqxnzxypq9kv4ts84d9av

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
