Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Spec Coder

v0.1.4

Structured spec-first development workflow with multi-role expert review gates: clarify requirements, author spec documents (requirements/design/tasks), gene...

by Pan Xiaohua (@xhuaustc)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the SKILL.md: it is a spec-first workflow that reads/writes spec files, generates code, runs reviews, and produces merge/delta instructions. That capability reasonably requires reading the project's specs and codebase. However, the skill declares no required binaries, no tooling, and no credentials despite describing phases that generate code and verify it with tests (Phase 3/4). The lack of declared toolchain (build/test runner, git) is a minor incoherence — the skill expects capabilities that are not enumerated in its metadata.
Instruction Scope
Runtime instructions explicitly tell the agent to read project files (specs/status.md, trunk specs, codebase files in Phase 0) and to generate artifacts (delta.md, spec_xxx.md, code + tests). Reading the codebase and spec tree is coherent for the stated purpose, but the skill does not explicitly restrict which repo paths to read (e.g., it doesn't say to avoid .env, credentials, or unrelated config). That lack of explicit exclusion increases risk of accidental exposure of secrets when the agent performs a codebase scan or 'reads the codebase'.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. This is low risk from an installation perspective — nothing will be downloaded or written to disk by the registry install step itself.
Credentials
The skill requests no environment variables or credentials in metadata (good). However, workflow docs reference generating commits, running verification tests, and producing delta/merge instructions (git-based operations and test runners). Those actions typically require toolchain access and repo-level write permissions; they are not declared. This is a proportionality gap (missing declared requirements) rather than an explicit demand for unrelated credentials.
Persistence & Privilege
always:false and no install actions or persistent background behavior are declared. The agent may invoke the skill autonomously (platform default) but nothing in the metadata grants it permanent/system-level privileges or modifies other skills. Note: the skill supports 'Auto-approve' user preferences which, if set by the user, could allow the workflow to proceed automatically without manual gate checks — that is a user-configurable risk rather than a hidden privilege.
What to consider before installing
This skill appears to implement a reasonable spec-first workflow, but there are a few things to check before installing or using it:
- Repository/file access: the skill instructs the agent to read the project codebase and specs. If your repo contains secrets (.env files, API keys, private config), consider removing or redacting them before running the skill, or restrict the agent's workspace to only the docs/specs subtree.
- Tooling & permissions: the workflow mentions generating code, running tests, and creating merge/delta commits, but the skill metadata does not list required tools (git, language runtimes, test runners) or required write permissions. Ensure the runtime environment has the appropriate build/test tools and grant the agent only the minimal filesystem/git permissions needed.
- Auto-approve and review preferences: the skill supports auto-approval policies (including an explicit "Auto-approve all gates" preference). Treat these as sensitive settings; avoid enabling global auto-approve unless you fully trust the agent and audit outputs.
- Audit generated changes: require a human review step (or a protected branch) before any automatic merge-to-trunk is applied. Prefer that the skill generate delta.md and pull requests rather than make direct commits.
- If you need higher assurance: ask the skill author for explicit lists of required binaries and exact commands the agent will run for Phase 0–4, and for an explicit scope of file paths the skill will read/write. If the author can't provide that, use the skill in a sandboxed repository copy only.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bx60wrz929xar2j8n5s9zx9841y8h
