super-dev-factory
Pass
Audited by ClawScan on May 6, 2026.
Overview
This instruction-only development workflow is coherent for software engineering, but users should supervise its broad project edits, test execution, and optional multi-session workflow.
Install/use this only as a supervised development assistant: work on a branch, keep database changes in local or staging environments unless explicitly approved, avoid sharing secrets across sessions, and independently review the generated code and tests.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may change code, tests, documentation, and database schemas when the user asks it to work on a project.
The skill can guide broad project file changes and database migration artifacts. This is expected for a development skill, but it is high-impact if applied to the wrong repository or database.
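Each Delta Atom is assigned to an independent virtual workspace, where its own files are modified and its unit tests are written in parallel. ... If database changes are involved, provide an independent `ALTER` and `ROLLBACK` for each atom.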
Use a branch or sandbox, review the proposed atoms before applying changes, and run database migrations only against local or staging databases unless explicitly approved.
Project details could be shared across multiple agent sessions if the user chooses that workflow.
The optional multi-session workflow may pass project context between sessions, but the artifacts do not define identity, trust boundaries, or what context should be excluded.
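If you use a tool that supports multiple instances, you can assign atoms to different sessions for parallel processing, then merge them back in this session to produce an integration snapshot.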
Only use trusted sessions, avoid sharing secrets or private configuration files, and review the final integrated changes in one controlled workspace.
A user might over-trust generated code or tests because the prompt promises very strong quality guarantees.
The skill uses absolute quality and security language that is not backed by runnable artifacts; users should not treat generated code as automatically secure or defect-free.
Pursue ultimate efficiency and zero defects. ... Security built in: automatically prevent the OWASP Top 10, with all input validated and sanitized.
Treat the claims as aspirational and still perform normal code review, security testing, and production readiness checks.
