Subagent Driven Development

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may make and commit code changes task by task without asking the user between tasks.

Why it was flagged

The skill asks the agent to autonomously implement, test, and commit code across tasks. This is central to the stated purpose and includes review steps, but it is still meaningful mutation authority over a codebase.

Skill content

Use when you have an implementation plan ... within a single session (no human-in-the-loop between tasks) ... Implement + test + commit + self-review

Recommendation

Use it on a dedicated development branch, with a clear implementation plan, and review the final diff before merging or deploying.

What this means

The exact referenced role prompts are not reviewable from the supplied artifacts, so behavior may depend on fallback interpretation by the agent.

Why it was flagged

The manifest provided for review contains only SKILL.md, so the referenced prompt files are not available in the artifact set. This is a packaging/provenance gap rather than evidence of malicious behavior.

Skill content

Three reference prompts are provided for the subagent roles: ... `references/implementer-prompt.md` ... `references/spec-reviewer-prompt.md` ... `references/code-quality-reviewer-prompt.md`

Recommendation

Verify whether the installed package includes the referenced prompt files, or ensure the controller provides clear role instructions before relying on the workflow.

What this means

Project details, task text, and architectural context may be shared with several subagents during the same session.

Why it was flagged

The workflow intentionally passes task and architecture context among multiple subagents. This is disclosed and purpose-aligned, but users should be aware that project context may be copied into multiple agent contexts.

Skill content

Dispatch Implementer ... Dispatch Spec Reviewer ... Dispatch Code Reviewer ... Give each subagent the complete task text + architectural context

Recommendation

Avoid including secrets in implementation plans or shared context, and keep subagent prompts focused on the minimum context needed for each task.