clawlite-office-hours
v1.0.0中文:YC Office Hours 风格的产品前置咨询,在写代码前重构问题定义。通过 Startup / Builder 模式给出问题真相、最小切入、指标与风险洞察,避免盲目开发。 日本語:YC Office Hours形式の事前思考支援。コーディング前に問題定義を再構築し、Startup/Builderモード...
⭐ 0· 59·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description (pre-coding product diagnosis) matches the runtime instructions (read project docs, inspect git history, map relevant code areas, generate design docs). Small mismatch: SKILL.md tells the agent to run git/grep and read/write files, but the registry metadata lists no required binaries — the instructions implicitly expect git/grep and filesystem access even though they aren't declared.
Instruction Scope
Instructions stay within the stated consulting purpose: they explicitly direct reading project files (e.g., CLAUDE.md, TODOS.md), running 'git log --oneline -10', grepping the codebase, asking structured questions, and writing a design document into the project directory. This is coherent, but it means the agent will access repository contents and git history (which may include sensitive information) and will write files into the repo.
Install Mechanism
There is no install spec and no code files; this is instruction-only so nothing is downloaded or installed. That minimizes supply-chain risk.
Credentials
The skill declares no environment variables, credentials, or config paths — and the instructions do not request external API keys or unrelated secrets. The only implied requirements are local tools (git, grep) and filesystem access, which are proportional to analyzing a code repository.
Persistence & Privilege
always:false and no special persistence are set. The skill can be invoked by the agent (normal default), but it does not request permanent presence or modify other skills' configs.
Assessment
This skill is coherent for pre-coding product diagnosis, but it will read your repository files and git history and will write a design document into the project. Before installing/use: (1) only run it on repos you trust (avoid repos with secrets or sensitive history); (2) ensure your environment has git/grep available or expect failures; (3) review the generated design doc and any file changes before committing or sharing; (4) if you want stricter control, run the skill in a sandbox or a copy of the repo so it cannot access unrelated files; (5) consider asking the publisher to declare required binaries (git/grep) to remove the small metadata mismatch.Like a lobster shell, security has layers — review code before you run it.
latestvk97bf9q2d4n1xf9mm7n2b8n2k983vs7y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.