v1.0.0

Openclaw Rd Pipeline

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:24 AM.

Analysis

This workflow is coherent, but it should be reviewed because it can update Feishu work items and use repository permissions to implement code, push branches, and open PRs through subagents.

Guidance: Review before installing or running. Use least-privilege Feishu and Git access, confirm the exact workspace, repository, branch, and owner mapping, require human approval for pushes/PRs/status changes, limit Feishu history/wiki reads, and clean up tmux sessions after completion.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
create Feishu master task/doc ... commit and push feature branch ... open PR to production branch

The skill directs the agent to mutate Feishu workflow state and repository state. These actions are central to the purpose, but they are high-impact and the artifact does not require explicit approval before each push, PR, task update, or bug-loop mutation.

User impact: The agent could change project tracking records, create bug subtasks, publish a branch, open a PR, and leave comments/statuses under available account permissions.
Recommendation: Run only with least-privilege Feishu and Git permissions, restrict the target workspace/repository/branch, and require human confirmation before pushing code, opening PRs, or changing task status.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Use an isolated git worktree and dedicated tmux session per subagent.

Dedicated tmux sessions and subagents are disclosed and purpose-aligned, but tmux sessions can persist beyond a single command and the artifact does not describe cleanup after closure.

User impact: Stale sessions or worktrees could retain project context or continue to exist after the task is finished if not manually closed.
Recommendation: Name sessions clearly, audit active tmux sessions/worktrees, and terminate them after the pipeline completes.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
For multi-module or multi-scenario tasks, call Superpowers skill for decomposition

The artifact references an optional external skill that is not included, version-pinned, or declared in the install metadata. The fallback is manual decomposition, so this is a dependency awareness note rather than evidence of malicious behavior.

User impact: If an untrusted or unexpected 'Superpowers' skill is installed, it could influence decomposition and acceptance criteria.
Recommendation: Only enable a trusted/versioned Superpowers skill, or use the documented manual decomposition fallback.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: Medium | Status: Note
metadata
Required env vars: none ... Primary credential: none

The registry metadata declares no credential contract, while the SKILL.md workflow requires Feishu and Git authority to create tasks, push branches, and open PRs. This is expected for the integration, but users should not assume no account permissions are involved.

User impact: The skill may act with whatever Feishu and Git access is available to the agent or user environment, which could be broader than the intended project.
Recommendation: Use dedicated, least-privilege credentials or tool scopes and verify which Feishu workspace and Git repository permissions the agent can use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Query historical tasks in same Feishu group ... Load project Feishu wiki docs ... Reuse prior parsing logic

The workflow intentionally pulls private historical tasks and wiki content into the project context and refined prompt. This is useful for R&D work, but retrieved content can be sensitive and may influence downstream implementation decisions.

User impact: Private project history, product docs, API docs, and norms may be exposed to the agent context and reused in generated requirements, PR text, reviews, and notifications.
Recommendation: Limit Feishu queries to the intended group/project tag, review cited sources, and avoid loading unrelated or highly sensitive wiki pages.