Speckit Workflow for Openclaw
WarnAudited by ClawScan on May 10, 2026.
Overview
The workflow is mostly aligned with spec-driven development, but it deserves review because it automates repository changes and includes scripts that can unsafely execute generated shell text and persistently modify AI-agent context files.
Install only if you are comfortable with an agent-driven development workflow that can write project files and, if you opt in, create branches, commit, and push. Review generated agent context files and avoid running the bundled shell scripts in untrusted repositories until the eval-based helper pattern is fixed.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the helper scripts in an untrusted repository, path, or branch name could execute unintended commands on the user's machine.
The script evaluates shell text produced by a helper. That helper derives values from repository paths, git branch names, and SPECIFY_FEATURE, so crafted values containing shell syntax could be executed locally.
source "$SCRIPT_DIR/common.sh" # Get feature paths and validate branch eval $(get_feature_paths)
Avoid running these scripts on untrusted repositories or unusual branch/path names; replace eval-based assignment with safely quoted parsing before trusting the skill.
Project plans could be written into persistent agent context files and later affect other coding agents or sessions.
The bundled script is designed to persistently create or update agent instruction/context files across many AI tools, which can influence future agent behavior and is broader than the top-level OpenClaw workflow description.
# Creates new agent context files from templates when needed # Updates existing agent files with new project information # Supports: Claude, Gemini, Copilot, Cursor, Qwen, opencode, Codex, Windsurf... # Can update single agents or all existing agent files # Creates default Claude file if no agent files exist
Review any generated CLAUDE.md, AGENTS.md, Cursor/Copilot rule files, or similar context files before relying on future agent behavior.
If enabled, the agent can publish code and workflow artifacts to the configured repository remote after each implementation chunk.
Automated branch creation, commits, and pushes are high-impact repository operations. The skill does disclose them and requires an initial user opt-in, so this is a notice rather than a standalone concern.
Before starting the workflow... you MUST ask the user: "Do you want to enable automated `git commit`, `git push`, and branch creation..." ... "Commit & Push: After each successfully completed chunk, the sub-agent MUST commit and push the changes to the repository."
Only answer yes for repositories where automated pushes are acceptable; prefer feature branches, protected branches, and reviewing diffs before merging.
The agent may use your SSH keys or credential helper to write to the same repositories you can write to.
The workflow expects to use the user's existing git authentication for write operations. This is purpose-aligned, but it gives the agent delegated authority over the repository.
**Git Access**: The agent requires Read/Write access to the repository to save specifications, plans, and code changes. Ensure your environment is authenticated (e.g., via SSH keys or a credential helper).
Use least-privilege repository credentials and avoid enabling automated pushes from environments with access to sensitive or production repositories unless intended.
Work may be split across multiple agent sessions, making it harder to see every intermediate decision unless logs and diffs are reviewed.
The skill uses multiple sub-agents and new sessions as part of its workflow. This is disclosed and purpose-aligned, but users should understand that repository context and delegated permissions may cross session boundaries.
For each phase below, you should create or delegate to a specialized sub-agent... Trigger a new agent session for implementation... For each chunk, delegate to a sub-agent using `speckit-implement`.
Keep audit logs, review sub-agent outputs, and confirm that git permission choices are respected by each delegated session.
It may be harder to verify the package origin or compare it with an upstream release.
The provided metadata lacks a source/homepage, and the bundled _meta.json reports version 1.0.1, which does not match the registry version 1.0.3. This is a provenance/versioning ambiguity, not evidence of malicious behavior.
Source: unknown; Homepage: none; Registry metadata: Version: 1.0.3
Verify the publisher and package contents before installing, especially because the skill can modify repositories and agent context files.