Subagent Driven Development

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: subagent-driven-development-2
Version: 0.1.0

The skill bundle describes a workflow for an AI agent to orchestrate subagents for software development tasks. The `SKILL.md` file contains detailed instructions for the agent, including responsibilities, quality gates, and guardrails (e.g., 'NEVER Do'). There is no evidence of prompt injection attempts to manipulate the agent into performing unauthorized actions, exfiltrating data, or executing malicious commands. The instructions are entirely aligned with the stated purpose of managing a development process.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may make and commit code changes task by task without asking the user between tasks.

Why it was flagged

The skill asks the agent to autonomously implement, test, and commit code across tasks. This is central to the stated purpose and includes review steps, but it is still meaningful mutation authority over a codebase.

Skill content

Use when you have an implementation plan ... within a single session (no human-in-the-loop between tasks) ... Implement + test + commit + self-review

Recommendation

Use it on a dedicated development branch, with a clear implementation plan, and review the final diff before merging or deploying.

What this means

The exact referenced role prompts are not reviewable from the supplied artifacts, so behavior may depend on fallback interpretation by the agent.

Why it was flagged

The manifest provided for review contains only SKILL.md, so the referenced prompt files are not available in the artifact set. This is a packaging/provenance gap rather than evidence of malicious behavior.

Skill content

Three reference prompts are provided for the subagent roles: ... `references/implementer-prompt.md` ... `references/spec-reviewer-prompt.md` ... `references/code-quality-reviewer-prompt.md`

Recommendation

Verify whether the installed package includes the referenced prompt files, or ensure the controller provides clear role instructions before relying on the workflow.

What this means

Project details, task text, and architectural context may be shared with several subagents during the same session.

Why it was flagged

The workflow intentionally passes task and architecture context among multiple subagents. This is disclosed and purpose-aligned, but users should be aware that project context may be copied into multiple agent contexts.

Skill content

Dispatch Implementer ... Dispatch Spec Reviewer ... Dispatch Code Reviewer ... Give each subagent the complete task text + architectural context

Recommendation

Avoid including secrets in implementation plans or shared context, and keep subagent prompts focused on the minimum context needed for each task.