ClawHub

Subagent Driven Development

v0.1.0

Execute implementation plans by dispatching a fresh subagent per task with two-stage review (spec compliance then code quality). Use when you have an implementation plan with mostly independent tasks and want high-quality, fast iteration within a single session.

0· 847·4 current·4 all-time
by@wpank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (dispatch fresh subagents, two-stage review) align with the SKILL.md content. The skill does not request unrelated credentials, binaries, or config paths.
Instruction Scope
The runtime instructions assume the controller/agent will implement dispatching subagents, run tests, make commits, and reference git SHAs — but the skill does not include the referenced prompt files (references/*.md) and does not declare or limit how subagents are dispatched. The instructions therefore implicitly assume repository, filesystem, and git/tool access that are not made explicit. This is coherent for a developer orchestration skill but incomplete and gives the agent broad discretion.
Install Mechanism
No install spec and no code files — lowest-risk installation model. The README shows an npx install example, but no actual install script or package is provided in the registry entry; that's a documentation/incompleteness issue rather than an install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. However, the instructions imply the need for access to the working repository, git, test runner, and possibly external issue trackers or CI; those are not requested explicitly.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent presence or attempt to modify other skills or global agent settings in the provided text.
What to consider before installing
This is an instruction-only orchestration skill that looks coherent for per-task development work, but it omits some concrete pieces and implicitly requires repository/git/test-run privileges. Before installing or using it: - Confirm where the referenced prompt templates (references/implementer-prompt.md, spec-reviewer-prompt.md, code-quality-reviewer-prompt.md) come from — they are not included in the package. Ask the publisher for the exact prompt text. - Only run this skill in an environment you trust. It expects the controller to run tests, commit code, and operate on a repo; granting those capabilities to an agent gives it the ability to modify source and push commits. - If you plan autonomous invocation, limit the agent's repository/write/network permissions or test in a sandbox first. - If you need stricter guarantees, request an explicit install artifact or prompts and a clear dispatch mechanism (how subagents are spawned), and consider adding guardrails (dry-run mode, approval steps, scoped commit access). These gaps don't imply malicious intent, but they are practical inconsistencies you should clarify before handing the skill live repository or execution privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eh7xhrzcck4rpm90behd82s80waz6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments