Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
5skill
v1.0.0
Create and manage Product Requirements Documents with user stories, verifiable acceptance criteria, and ordered implementation tasks.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The README and templates are coherent with a PRD/agent-execution workflow: they define prd.json, user stories, and how to track progress. However the SKILL.md and references assume use of CLIs (claude, opencode, git, jq, dev-browser) and autonomous agent execution; the skill metadata declares no required binaries or credentials, which is an omission (missing declared dependencies/tools needed to run the documented flows).
Instruction Scope
The instructions go beyond authoring PRDs: they include an unattended agentic loop (while :; do claude --print --dangerously-skip-permissions ... done) that tells an agent to read prd.json, check out branches, implement code, run tests/typechecks, commit changes, and update progress files. That pattern can autonomously change repositories and the explicit use of '--dangerously-skip-permissions' instructs operators to bypass permissions/safety checks — a clear operational and security risk.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself. That lowers installation risk, but the documentation expects external CLIs and tools to be present.
Credentials
The skill requests no environment variables or credentials, which is good from a secrets-exfiltration perspective. However the instructions assume use of agent CLIs and git operations that normally require local tooling and possibly API tokens; the omission of any declared required credentials/tools is a proportionality/metadata mismatch that could hide important operational prerequisites.
Persistence & Privilege
The skill itself is not marked 'always:true', but the provided agent usage patterns encourage running autonomous, long-running loops that repeatedly invoke agents to edit code and commit changes. Combined with the recommendation to bypass permission checks, this increases blast radius if run unattended. The skill does not request explicit elevated platform privileges, but operational guidance effectively advocates persistent autonomous execution.
Scan Findings in Context
[cli-bypass-permissions-flag] unexpected: The references include the exact command-line flag '--dangerously-skip-permissions' which instructs bypassing agent permission/safety checks. This is not expected for a PRD authoring skill and is a security concern.
What to consider before installing
This skill's PRD templates and guidance are generally useful for planning, but the runtime documentation contains risky operational instructions. Before using it: (1) Do NOT run the provided 'unattended agentic loop' as-is — it can autonomously modify your repo and run indefinitely. (2) Never use the '--dangerously-skip-permissions' flag or other directives that bypass agent safety checks. (3) Run any agentic execution in an isolated sandbox or throwaway clone, with human review steps enabled. (4) Verify and restrict any CLIs or tokens the agent would need (claude, opencode, git, jq, dev-browser) and add those requirements to the skill metadata. (5) Consider adding explicit human-in-the-loop approval before commits, and back up your repository before testing. If you need the automation, require the skill to declare required binaries/credentials and remove instructions that bypass permissions.
Like a lobster shell, security has layers — review code before you run it.
