Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Speckit Workflow for Openclaw

v1.0.3

Complete Spec-Driven Development (SDD) orchestrator for OpenClaw. Initializes SpecKit and manages the full engineering lifecycle.

0· 644·1 current·1 all-time
by Vinayak Verma (@vinayakv22)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Spec-Driven Development orchestrator) align with included templates and bash scripts: creating specs, plans, tasks, feature directories, and delegating to subskills is expected. The README explicitly requires Git access (SSH/credential helper) which matches the scripts' use of git.
Instruction Scope
SKILL.md instructs the agent to copy the bundled .specify/ directory into the project and to spawn sub-agents for each phase — this is consistent with the stated workflow. However the runtime scripts (notably update-agent-context.sh) will create/update many repository-level agent files (CLAUDE.md, QWEN.md, .github/agents/copilot-instructions.md, .cursor rules, etc.). That behavior is within a plausible 'agent context' purpose, but it expands scope beyond just spec files: it modifies or creates files that could affect other agent integrations or workflows. Also the workflow assumes the agent will ask for and obey user permission for git actions, but enforcement is up to the agent (the code does run git commands like checkout, fetch).
Install Mechanism
Instruction-only skill with bundled scripts and templates — no network downloads, package installs, or external install URLs. The highest-risk install-types (downloading and executing arbitrary archives) are not used here.
Credentials
No environment variables or credentials are declared in the metadata. The scripts rely on standard git environment (SSH keys, credential helpers) and an optional SPECIFY_FEATURE env var. That is proportionate to a tool that manipulates repo branches and files. No unrelated secrets are requested.
Persistence & Privilege
The skill will create or update repository-level agent files (CLAUDE.md, QWEN.md, .github/agents/..., .cursor rules, etc.) and may create files at the project root. This can alter other agents' configurations or project metadata. While 'always' is false, the skill's scripts explicitly modify repository content and may run git operations (checkout, fetch, branch creation). Users should be aware it can change repository state and create/overwrite files that affect other tooling.
Scan Findings in Context
[pre-scan-injection-signals] expected: No injection signals were detected. The presence of many shell scripts that manipulate repository files and call git is expected for this skill.
What to consider before installing
This skill appears to do what it says (orchestrate Spec-Driven Development) and ships useful templates and bash scripts, but it will write files into your repository, create feature branches, and update many agent-specific files (CLAUDE.md, QWEN.md, .github/agents/..., .cursor rules, etc.). Before installing or enabling automated git operations:
1) Run it in a disposable or test repository first so you can observe what files it creates/overwrites;
2) Back up any existing agent configuration files or templates in your repo;
3) Confirm the agent asks you for explicit permission before performing git commit/push/branch creation and only grant that permission if you trust it;
4) If you do not want repository changes, choose 'No' to automated git operations — the skill will still write files locally but should not perform git commands if the agent follows the SKILL.md;
5) If you use other agent tooling, review update-agent-context.sh to see exactly which files it will create/update and adjust or sandbox accordingly.
If you want me to, I can extract the list of all files the scripts may touch (including the truncated files) and point out exact lines that create/modify them.
