← Back to Skills Marketplace
Devtaskflow
by
cwyhkyochen-a11y
· GitHub ↗
· v1.1.0
· MIT-0
497
Downloads
2
Stars
0
Active Installs
24
Versions
Install in OpenClaw
/install devtaskflow
Description
用自然语言发起开发任务,AI 驱动的开发流水线。Describe your idea, get working software. 适合产品、运营、业务人员从 0 搭建项目。
README (SKILL.md)
DevTaskFlow — Agent 使用手册
什么时候用
当用户表达以下意图时,主动建议使用本工具:
- "我想做一个 XXX 系统/工具/平台"
- "帮我开发一个 XXX"
- "我需要一个 XXX,功能是..."
- 用户描述了一个软件/系统需求
- 用户问项目进展、想继续做、想看进度
识别意图后,向用户建议使用本工具,但必须等用户确认后再执行。 尤其是涉及代码生成、部署、发布等操作,不要在未经确认的情况下自动执行。
Token 消耗参考
开发一个项目会消耗大量 token,提前告知用户:
| 项目规模 | 预估 Token 消耗 | 示例 |
|---|---|---|
| 小型 | 300-500 万 | 简单的个人工具、静态页面、小表单 |
| 中型 | ~4000 万 | 多页面管理后台、带数据库的应用、用户系统 |
| 大型 | 2 亿+ | 复杂业务系统、多角色权限、API 集成 |
消耗取决于需求复杂度、迭代次数、审查修复次数。首次可先用小项目试水。
支持的模型
推荐模型:Claude Opus 4.6(复杂项目首选)、GPT 5.4(性价比高)、小米 Mimo V2 Pro(中文好)。完整列表和说明见 README.md。
编排模式
DevTaskFlow 支持两种编排模式,通过 config.json 的 adapters.orchestration 切换:
local_llm(默认)
直接使用环境变量中的 LLM 配置:
DTFLOW_LLM_BASE_URL=https://api.openai.com/v1
DTFLOW_LLM_API_KEY=sk-xxx
DTFLOW_LLM_MODEL=gpt-4o
openclaw_subagent
使用独立的 LLM 配置,与主 LLM 分离。适合在 OpenClaw 环境下使用不同模型处理开发任务。
配置方式 A — config.json 的 openclaw 段:
{
"adapters": { "orchestration": "openclaw_subagent" },
"openclaw": {
"base_url": "https://api.example.com/v1",
"api_key": "sk-xxx",
"model": "claude-opus-4-6",
"timeout_seconds": 900
}
}
配置方式 B — 环境变量:
DTFLOW_OPENCLAW_BASE_URL=https://api.example.com/v1
DTFLOW_OPENCLAW_API_KEY=sk-xxx
DTFLOW_OPENCLAW_MODEL=claude-opus-4-6
如果 config.json 中字段为空,自动 fallback 到环境变量。
核心命令
dtflow setup # 配置 AI 服务(交互式)
dtflow start --new-project --name NAME --idea "需求" # 开始新项目
dtflow start # 继续上次进度
dtflow start --confirm # 确认分析方案,开始生成代码(先预览,用户确认后再写入)
dtflow start --confirm-write # 在预览确认后,正式执行代码写入
dtflow start --feedback "修改意见" # 提出修改
dtflow start --run # 本地预览
dtflow start --deploy # 部署上线并封版
dtflow start --final-review # 执行上线前综合审查(9 维度)
dtflow start --deploy-skip-review # 跳过综合审查直接部署(仅在用户明确要求跳过或时间紧迫时使用,建议默认走完整审查流程)
dtflow board # 所有项目状态(文字)
dtflow board --serve # 启动可视化看板服务
dtflow board-query --name PROJECT # 单个项目详情(文字)
dtflow advanced publish --target github # 发布到 GitHub Releases
dtflow advanced publish --target clawhub # 发布到 ClawHub
工作流程
用户提出新需求
如果用户有明确需求描述(比如"我想做一个客户管理工具"):
dtflow start --new-project --name 项目名 --idea "用户的需求原文"- 系统创建项目、给出补充建议
- 向用户展示建议,问是否要补充
- 确认后自动 analyze → 展示任务列表
dtflow start --confirm→ 自动 write(先预览)→ review → fix → review- 全部任务通过后 → 建议先 compact 一次(减少上下文累积导致的幻觉)— 提醒主 agent 使用
/compact或清理上下文后再执行综合审查 → 综合审查(dtflow start --final-review)— 9 维度全面检查 - 综合审查通过 →
dtflow start --run本地预览 - 用户确认没问题 →
dtflow start --deploy
如果用户需求模糊(比如"我想做个东西管理客户信息"):
- 不要直接调用 dtflow,先通过对话引导收集需求
- 问清楚:
- 给谁用的?(团队/客户/个人)
- 最核心的功能是什么?
- 需要登录吗?
- 有技术偏好吗?(不知道就帮你选)
- 收集到足够信息后,拼成需求调用 dtflow start
用户想本地预览
dtflow start --run- 返回访问链接给用户
用户想看项目进展
- 检查看板服务是否在运行(
curl -s http://localhost:8765 > /dev/null && echo "running" || echo "stopped") - 如果在运行 → 发链接
- 如果不在运行 →
dtflow board文字版
用户问某个项目详情
dtflow board-query --name 项目名- 把文字结果发给用户
用户想继续之前的项目
dtflow start(不加参数,自动继续)- 根据输出告知用户当前阶段
用户想发布
发布到 GitHub:
- 确保项目已封版(sealed)或已部署(deployed)
- 确保已安装
ghCLI 并登录 dtflow advanced publish --target github
发布到 ClawHub:
- 确保项目已封版或已部署
- 确保已安装
clawhubCLI 并登录 - 确保项目根目录有
SKILL.md dtflow advanced publish --target clawhub
首次使用(环境未配置)
dtflow setup交互式引导(含 AI 配置 + 部署方式选择)- 非交互环境下手动创建
.env:DTFLOW_LLM_BASE_URL=... DTFLOW_LLM_API_KEY=... DTFLOW_LLM_MODEL=...
状态机
dtflow start 自动推进,你只需知道阶段:
| 状态 | 含义 | 你该说什么 |
|---|---|---|
| created | 刚创建 | "项目已创建,正在分析需求..." |
| pending_confirm | 方案已出 | "我分析了你的需求,建议做这几件事:..." |
| confirmed | 已确认 | "好的,开始生成代码..." |
| writing/written | 代码已生成 | "代码写好了,我在检查..." |
| needs_fix | 有问题 | "发现几个小问题,已修复:..." |
| review_passed | 审查通过 | "代码没问题了,要本地先看看效果吗?" |
| pending_final_review | 综合审查待执行 | "运行 dtflow start --final-review 执行综合审查,或 --deploy-skip-review 跳过" |
| ready_to_deploy | 综合审查通过 | "可以部署了,运行 dtflow start --deploy" |
| needs_final_fix | 综合审查发现问题 | "运行 dtflow start 自动修复并重新审查" |
| sealed | 已封版 | "上线完成!" |
向用户展示什么
不要暴露: analyze、DEV_PLAN.md、orchestration、config.json、.state.json、token 数 应该说: "我分析了需求"、"代码已生成"、"检查过了没问题"、"可以部署了"
注意事项
dtflow setup是交互式命令,在非交互环境不可用- 所有命令在项目根目录运行,项目根目录是包含
.dtflow/config.json的目录,可通过ls .dtflow/config.json确认 - board 的 Node.js 应用需要
npm install(首次自动执行) - 看板服务默认端口 8765,仅限本地使用,不要暴露到公网
- board API 已脱敏:不返回 host/user/path 等敏感部署信息
run本地预览需要项目有可执行的启动命令(npm start / python app.py 等)- Docker 部署需要本地安装 Docker
openclaw_subagent编排器需要在config.json或环境变量中配置独立的 LLM 连接信息
常见问题处理
- dtflow 命令报错: 检查是否在项目根目录(含
.dtflow/config.json)、模型 API Key 是否有效、余额是否充足 - 部署失败: 检查 Docker/SSH 连接、目标服务器权限、config.json 中的 deploy 配置
- 审查反复不通过: 检查是否有结构性问题(如框架选择不当),必要时让用户给出报错信息手动排查
- run 启动失败: 检查项目启动命令(
npm start/python app.py)、依赖是否安装完整
边界场景
- 用户想取消项目: 归档项目(状态设为 archived)但不删除文件,保留以便后续恢复
- 用户中途改需求: 如果是小调整 → 用
dtflow start --feedback "修改意见"在当前版本迭代;如果是大方向变更 → 建议新建版本(dtflow advanced version --new)
Usage Guidance
This skill mostly does what it says (automating an LLM-driven dev pipeline), but there are important mismatches you should review before installing or running it with real credentials: 1) The code can automatically read OpenClaw configuration files from the user home (~/.openclaw/...), which may contain API keys — the registry metadata does not declare this. If you do not want your local LLM/API keys accessed, run the skill in an isolated environment or container without those files. 2) It can perform Git/GitHub/SSH/Docker publish operations; publishing or deployment will require credentials (SSH keys, GH token, registry creds). Don’t place secrets in PROJECTS.md/PROJECTS.json or .dtflow files unless you trust the environment. 3) The dashboard/server code has a few inconsistencies (HOST undefined; landing/serve.py binds 0.0.0.0) — prefer running services bound to 127.0.0.1 and verify bindings before exposing ports. 4) Inspect lib/openclaw_config.py and lib/orchestrators/openclaw_subagent.py to confirm exactly what files and keys are read and whether they are sent to external endpoints. 5) If you need a safer test, run the tool in a throwaway VM or container, with no ~/.openclaw credentials and with network restricted until you confirm behavior. If you need, I can extract the specific places in the code that read home/config files and show exactly what they send to remote APIs.
Capability Analysis
Type: OpenClaw Skill
Name: devtaskflow
Version: 1.1.0
DevTaskFlow is a comprehensive AI-driven development pipeline designed to automate software creation, testing, and deployment. While the tool requires high-risk permissions—including arbitrary file system access, shell command execution (git, npm, docker, ssh), and the ability to read OpenClaw credentials—these capabilities are strictly aligned with its stated purpose. The codebase demonstrates significant security maturity, featuring explicit protections against path traversal in `lib/write_flow.py`, shell injection mitigation via `shlex` and regex validation in `lib/deploy_adapter.py`, and sensitive data sanitization in the Node.js dashboard (`board/server.js`). No evidence of malicious intent, unauthorized data exfiltration, or prompt-injection attacks was found.
Capability Assessment
Purpose & Capability
The skill's name/description (AI-driven dev pipeline) match the shipped code: it contains analyze/write/review/deploy flows, git automation, a local dashboard and adapters for GitHub/ClawHub/SSH/Docker. That capability set reasonably explains most included modules (llm adapters, deploy/publish adapters, board). However, some capabilities (automatic reading of OpenClaw runtime config from user home and auto-publish adapters) are not declared in registry metadata (no required envs/config paths listed), which is unexpected and worth noting.
Instruction Scope
SKILL.md instructs cautious, user-confirmed actions, but the code actively reads project files and state (PROJECTS.md / PROJECTS.json, .dtflow/config.json, versions/<ver>/.state.json, docs/REQUIREMENTS.md) and — per changelog and code references — will auto-read OpenClaw configuration from the user's home (e.g. ~/.openclaw/openclaw.json + credentials). The board server serves project data (albeit with sanitization attempts). These file reads go beyond simple ephemeral inputs and could surface tokens/paths unless the sanitization is perfect. There are also small mismatches: landing/serve.py binds 0.0.0.0, while SKILL.md/CHANGELOG emphasize local-only binding; board server code references an undefined HOST variable in app.listen, indicating code quality issues that affect behavior.
Install Mechanism
There is no external download/install script embedded in the skill package; this is a bundled codebase (Python + Node) with no remote fetches shown. That lowers supply-chain risk compared to arbitrary URL downloads. The package does include an npm package.json for the dashboard and Python modules for the CLI — reasonable for the claimed functionality.
Credentials
Registry metadata lists no required env vars, yet SKILL.md and code reference optional environment variables (DTFLOW_LLM_*, DTFLOW_OPENCLAW_*, DTFLOW_BOARD_PORT/HOST) and the codebase (per CHANGELOG) will automatically fallback to reading OpenClaw configuration files in the user's home to obtain API keys. Implicitly accessing user home config (and possibly credentials files) is a disproportionate privilege that is not declared up-front. The skill also supports deployment/publishing adapters that may require SSH keys/GitHub tokens — these are not listed as mandatory but are powerful and should be made explicit.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. Autonomous invocation (disable-model-invocation=false) is the platform default and not by itself flagged. The code writes project files within the project directory and has mechanisms for git auto-commit; this is consistent with its purpose. No evidence it modifies other skills or global agent configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install devtaskflow - After installation, invoke the skill by name or use
/devtaskflow - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
全面代码审查修复: 安全加固 + Bug修复 + 架构改进
v1.0.1
- OpenClaw 依赖声明补充:新增 OpenClaw 所需的 Python (>=3.10) 和 Node (>=18) 依赖说明。
- 技术要求同步至 SKILL.md 的 metadata 字段,无其他功能变更。
v1.0.0
**DevTaskFlow 1.0.0 – Major Release**
- Major refactor of configuration and environment variable management for LLM and OpenClaw subagent settings.
- Added new `lib/openclaw_config.py` for improved OpenClaw parameter handling.
- Simplified and clarified `SKILL.md` metadata and requirements.
- Improved orchestration logic in openclaw_subagent, setup_flow, and related core modules.
- Multiple documentation and workflow explanations updated for clarity and precision.
- Numerous code, template, and internal logic improvements, preparing for production usage.
v0.10.0
Git 自动化 — 新建/迭代项目自动使用 Git
v0.9.0
v0.9.0: 错误恢复机制 + 配置三档模式 + 封版自动化
v0.8.0
- Added support for "openclaw_subagent" orchestration mode, enabling independent LLM configuration for orchestration via config or environment variables.
- Enhanced publish options: now supports publishing to GitHub Releases and ClawHub using advanced commands.
- Expanded final review from 7 to 9 dimensions for more comprehensive pre-deployment checks.
- Updated documentation and skill metadata; license changed to MIT-0, and required environment variables expanded.
- Improved configuration guidance for orchestration and deployment scenarios.
- Various doc and prompt clarifications to match new orchestration and publishing features.
v0.6.0
Design System + User Guide + Comprehensive Review + Compliance: sanitize deploy info, revise proactive invocation policy
v0.5.1
Security fix: remove all shell=True usage, use shlex.split() and argument lists to prevent shell injection
v0.5.0
Security fix: sanitize board API responses, remove hardcoded paths, declare optional env vars
v0.4.9
v0.4.9: 统一项目命名规范,更新 SKILL.md description。
v0.4.8
v0.4.8: README 加入 CLI 截图和快速上手章节。
v0.4.7
v0.4.7: README 加入 CLI 截图和'看一眼就懂'快速上手章节。
v0.4.6
v0.4.6: 重写 README,补充架构图、价值主张、技术平权主线、快速上手指南。GitHub 同步发布 v0.4.1。
v0.4.5
v0.4.5: 重写 README,补充架构图、价值主张、技术平权主线、快速上手指南。GitHub 同步发布 v0.4.1。
v0.4.4
v0.4.4: 重写 README,补充架构图、价值主张、技术平权主线、快速上手指南。GitHub 同步发布。
v0.4.3
v0.4.3: 模型列表更新。
v0.4.2
v0.4.2: 模型列表更新。setup 支持 4 个推荐模型:Claude Opus 4.6, GPT 5.4 Pro, GPT 5.4, Mimo V2 Pro。
v0.4.1
v0.4.1: 更新支持模型列表。经测试仅 Claude Opus 4.6、GPT 5.4 Pro、GPT 5.4、小米 Mimo V2 Pro 能稳定完成完整开发任务。setup 时默认展示这 4 个选项。
v0.4.0
v0.4: 面向普通人的重大改进。1) 本地预览:代码生成后 dtflow start --run 一键启动查看效果;2) Docker 部署:自动生成 Dockerfile,无需远程服务器;3) 简化分析方案:去掉 7 章架构文档,改为简洁开发计划;4) 引导式需求收集:6 个简单问题代替长篇需求描述;5) 部署方式引导:setup 时询问部署偏好;6) Token 消耗参考:小型 300-500 万,中型 ~4000 万,大型 2 亿+
v0.3.1
v0.3.1: 清理打包体积。新增 board Web 看板 + board-query 单项目查询。
Metadata
Frequently Asked Questions
What is Devtaskflow?
用自然语言发起开发任务,AI 驱动的开发流水线。Describe your idea, get working software. 适合产品、运营、业务人员从 0 搭建项目。 It is an AI Agent Skill for Claude Code / OpenClaw, with 497 downloads so far.
How do I install Devtaskflow?
Run "/install devtaskflow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Devtaskflow free?
Yes, Devtaskflow is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Devtaskflow support?
Devtaskflow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Devtaskflow?
It is built and maintained by cwyhkyochen-a11y (@cwyhkyochen-a11y); the current version is v1.1.0.
More Skills