Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Product Manager PRD Tool

v0.1.0

A PRD (Product Requirements Document) generation, optimization, and extension tool for product managers. It creates a structured PRD from a natural-language description, performs a clarifying review of an existing PRD to fill in ambiguous points, or appends new features to an existing PRD. Triggered when the user mentions "write a PRD", "generate a product requirements document", "requirements document", "optimize/clarify the PRD", "review PRD", "add a feature to the PRD", "PRD new requirement...

by Austin (@xu4wang)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description (PRD generation/clarify/extend) match the SKILL.md workflows. The actions the skill performs (parse user text, read/write PRD files, ask clarifying questions) are appropriate for a PRD tool. Minor mismatch: instructions call out using Bash (mkdir -p) but the skill declares no required binaries.
Instruction Scope
The SKILL.md instructs the agent to read arbitrary file paths provided via $ARGUMENTS and to create directories and write files to the filesystem (./prds/<name>.md or user-supplied paths). There are no explicit guards restricting writes to the agent workspace or preventing writes to sensitive system paths. The skill will also modify files in place (adding clarifications and sessions). No external network endpoints are referenced. Because file reads/writes are central, lack of path-scope constraints is a security concern.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is downloaded or written during install. This is low risk from an installation perspective.
Credentials
Skill requests no environment variables, credentials, or config paths; this is proportionate to its stated purpose.
Persistence & Privilege
always:false (normal). The skill is allowed autonomous invocation (platform default); combined with its file-write behavior this increases impact if the agent invokes it without clear user direction. There is no request to modify other skills or system settings.
What to consider before installing
This skill appears to implement the advertised PRD workflows, but it instructs the agent to read and write files and to run shell commands without limiting where it can write. Before installing or running it:

- Only pass file paths inside a safe workspace (avoid system paths like /etc, ~/). Prefer relative paths inside a sandboxed project directory.
- If possible, run the skill first in a disposable workspace and review the produced files before using them elsewhere.
- If you expect to run in an environment without a shell, note that the SKILL.md references Bash (mkdir -p); confirm the runtime provides a shell or adjust the instructions.
- Because the skill can be invoked autonomously by the agent, consider disabling autonomous invocation or restricting when/which prompts can trigger it until you're comfortable with its behavior.
- Ask the author (or edit SKILL.md) to add explicit path-safety rules (e.g., refuse absolute paths, normalize and restrict to ./workspace or ./prds) and an explicit statement that no external network calls are made.

If you need lower risk: run the skill manually (not autonomously) and always inspect and back up files the skill will modify.


Tags: chinese, latest, pm, prd, product-management, writing
