This skill provides a complete multi-agent collaboration system for product-driven development loops.

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: devloop-agent-pack
Version: 1.0.0

The devloop-agent-pack is a highly structured multi-agent orchestration system for software development, defining six specialized roles (Product, Core Dev, Dev, Test, Marketing, Research) with complex inter-agent communication via `sessions_send`. While the instructions are professional and aligned with the stated purpose, the agents are granted broad, high-risk capabilities including shell access (`Bash`) in `devloop-core-dev.md`, `devloop-dev.md`, and `devloop-test.md`, as well as network access (`WebSearch`, `WebFetch`) in the other agents. The system also utilizes a persistent memory and behavior override mechanism (`SOUL.override.md`, `MEMORY.md`) and references an external `BOOTSTRAP.md` for initialization. Per the analysis criteria, the presence of these risky capabilities, even when plausibly needed for the stated purpose, warrants a suspicious classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked on a real project, the agent may run commands, change code, and merge work into main.

Why it was flagged

The Core Dev role is explicitly allowed to use shell execution and operate on the main branch. This is aligned with the development-orchestration purpose, but it can directly affect repository state.

Skill content

Has full tool permissions (including exec/bash)... can operate directly on the main branch

Recommendation

Use this only in trusted repositories, keep branch protections/backups enabled, and require explicit user approval before push, merge, deploy, or destructive commands.

What this means

The agent could create or update remote branches using the user's repository authority.

Why it was flagged

The Dev Agent workflow includes pushing to a remote git repository, which may use the user's configured git credentials and repository permissions.

Skill content

git push origin feat/<feature-name>

Recommendation

Run it with least-privileged repository access, review commits before push, and avoid using it with production remotes unless branch protections are in place.

What this means

Private project or user context may remain in workspace files and affect later agent sessions.

Why it was flagged

The skill explicitly stores and reloads long-term memory that may contain private context, so future behavior can be influenced by persistent local files.

Skill content

Long-term memory | `MEMORY.md` | Cross-session persistent knowledge (loaded only in the main session, contains private context)

Recommendation

Do not store secrets in MEMORY.md or daily memory files, review memory contents periodically, and keep these files out of untrusted repositories if they contain private information.

What this means

Incorrect or spoofed inter-agent messages could cause agents to act on the wrong task, share the wrong context, or start code work prematurely.

Why it was flagged

The workflow relies on asynchronous agent-to-agent messages and shared directories. This is central to the skill, but sender validation and message trust boundaries are not specified in detail.

Skill content

All agents communicate asynchronously via `sessions_send`.

Recommendation

Confirm the sender, task scope, branch, and file list before agents perform code changes or share sensitive documents.

What this means

A workspace-provided override file could change how the agents behave during coding, research, or coordination.

Why it was flagged

The skill intentionally lets local override files take priority over bundled agent instructions. This is a disclosed customization feature, but local files can redirect agent behavior.

Skill content

Priority: `SOUL.override.md` > `SOUL.md` > each agent's `.md`

Recommendation

Review SOUL.override.md and related bootstrap/customization files before use, especially in repositories from other people.

What this means

If the user separately enables scheduling, agents may perform web searches and update memory files without a prompt for each run.

Why it was flagged

The workflow describes cron-triggered daily research and memory updates. The provided artifacts do not install a cron job, so this is a documented optional operating mode rather than hidden persistence.

Skill content

[Cron trigger] → Product Agent runs the daily trending-topics workflow

Recommendation

Only enable scheduled runs intentionally, keep their workspace and output paths scoped, and review generated memory/report files.