PRE Engineering Skill
PassAudited by ClawScan on May 13, 2026.
Overview
This appears to be a legitimate document-only setup skill, but if you launch the generated loops, agents can keep running and edit your project code.
Install this only if you want an autonomous multi-agent coding workflow. Before launching /loop agents, start from a clean git state, inspect the generated .pre documents, avoid running it in repos with unrelated secrets, record job IDs, and review all code changes before using them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Project files may be inspected during setup, and some inferred details may be written into the generated .pre documents.
The setup workflow may read local project files to infer requirements. This is expected for a project-initialization skill, but it can expose project details to the agent context and generated documents.
Auto-scan project directory to infer available information... Auto-scan README.md, design docs, package.json, requirements.txt, etc.
Use this only in the intended project directory, choose manual entry if the repo contains sensitive unrelated documents, and review generated .pre files before starting agents.
Once launched, agents may change source files and could introduce unwanted bugs or design choices.
The Executor role is explicitly designed to make code changes under the project source path. This matches the skill's engineering purpose but is still local mutation authority.
Formulate own execution plan based on Planner's requirement and approach — plan autonomously then code... Deliverable files should be placed under the project code path (../src)
Start from a clean git state, keep backups or a baseline commit, and review diffs/commits before relying on the generated changes.
If the user starts the loops, agents can continue operating until DONE or until cancelled.
The workflow uses persistent loop tasks for multiple agents. The artifacts disclose this and include cancellation guidance, so it is not hidden persistence.
Planner, Executor, and Reviewer each have independent loop tasks, all need independent job ID recording... Pause: Execute `/schedule-cancel <job-id>`
Record every job ID, cancel loops when pausing work, and confirm the latest collaboration-log status before leaving agents unattended.
A modified collaboration log could cause agents to enter the wrong phase or act on misleading instructions.
The persistent collaboration log controls what each agent does. This is the intended coordination mechanism, but untrusted edits to the log could influence future agent actions.
`Status: <status_code>` — The status code is the sole basis for agents to determine execution conditions
Keep .pre/collaboration-log.md under trusted control, review unexpected log entries, and avoid accepting untrusted changes to the .pre directory.