Openclaw Ceo Review

v1.0.1

CEO-perspective plan review and strategy upgrader supporting four modes: expansion/selective expansion/hold scope/scope reduction. Automatically outputs prem...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill is a strategy/plan reviewer for codebase-anchored plans. Its instructions focus on scanning the repository (git logs/diffs, TODOs, design docs) and producing a structured review; asking to read these files and run git commands is coherent with that purpose.
Instruction Scope
SKILL.md explicitly instructs the agent to run repository-scanning shell commands (git log, git diff, grep) and to read files like CLAUDE.md, TODOS.md and design docs. That scope is appropriate for a pre-release plan audit, but it does grant the agent broad read access to the project tree (which may include sensitive files). The instructions do not direct any network exfiltration or access to unrelated system paths.
Install Mechanism
No install specification or external downloads — instruction-only. Nothing will be written to disk by an installer and no external packages are pulled.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only implicit requirement is read access to the repository where it's run, which aligns with its stated review function.
Persistence & Privilege
always:false and no instructions to persist or modify agent/system-wide settings. The skill does not request elevated or permanent privileges and explicitly states that scope changes require explicit user consent.
Assessment
This skill appears internally consistent, but review these before installing:
1) It runs repo-scanning shell commands and reads project files — only run it in projects you trust or in a copy if the repo contains secrets.
2) Ensure the agent runtime is configured for read-only access (or sandboxed) if you are concerned about accidental writes or accidental exposure.
3) Confirm that the agent will prompt you (AskUserQuestion) before changing scope — the SKILL.md promises this, but your agent's runtime should enforce it.
4) If you plan to run this against private repos, consider running it locally or in an environment without outbound network access to reduce exfiltration risk.
Overall the behavior matches its description; no installs or external credentials are requested.

Like a lobster shell, security has layers — review code before you run it.
