4skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is mostly a PRD-writing skill, but its reference docs recommend an unattended coding-agent loop that disables permission prompts and could modify a project without review.

This skill appears safe for drafting and editing PRD files, but avoid the documented unattended loop, especially the --dangerously-skip-permissions command. If you use the autonomous workflow, run it only in a sandbox or separate worktree, review every change, and keep persistent progress notes free of secrets.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation

High

What this means

If followed, this could let an agent make repeated codebase changes without normal approval prompts.

Why it was flagged

This explicitly recommends an unattended loop that disables permission prompts while asking a coding agent to implement changes and update project files.

Skill content

while :; do
  claude --print --dangerously-skip-permissions \
    "Read prd.json, find first story where passes=false, implement it, run checks, update passes=true if successful"
done

Recommendation

Do not run the permission-skipping loop in a real project. Use interactive approvals, a disposable worktree, tests, and human review before committing or merging changes.

#ASI10: Rogue Agents

Medium

What this means

An unattended process could continue consuming resources or making further attempts after the intended work is finished.

Why it was flagged

The shown shell loop has no built-in break condition, so it can keep launching the agent even after the PRD is complete.

Skill content

## Unattended Agentic Loop

### Claude Code
```bash
while :; do

Recommendation

Add a real stop condition, require user confirmation between iterations, and avoid long-running autonomous loops unless they are sandboxed and monitored.

#ASI06: Memory and Context Poisoning

Low

What this means

Incorrect, stale, or sensitive notes in progress.txt could influence later agent behavior or expose project details.

Why it was flagged

The workflow creates persistent project context that later agents are instructed to read and trust.

Skill content

Read `progress.txt` (check Codebase Patterns first) ... Append to `progress.txt` after each iteration (never replace)

Recommendation

Review progress.txt before reuse, avoid storing secrets in it, and treat its contents as advisory rather than authoritative.