← Back to Skills Marketplace
spec steering workflow
by
whisper1952717
· GitHub ↗
· v1.0.0
· MIT-0
280
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install spec-steering-workflow
Description
Use a lightweight spec + steering workflow for long, interruptible, multi-phase tasks that need checkpointed progress, recoverable state, and multi-session c...
Usage Guidance
This skill appears to do what it claims: manage long-running specs via files and a local helper script. Before installing, check these points: 1) Confirm your agent runtime has Python available (specctl.py is a Python script). 2) Confirm where the skill will be installed so the script's workspace calculation (script.parents[3]) resolves to the directory you intend — otherwise it may create or modify files outside the expected sandbox. 3) Because the skill writes and updates files under specs/ and steering/, back up any important workspace data and review created files (meta.json, handoff.md, tasks.md) to ensure state is captured as you expect. 4) If you need stronger isolation, run the skill in a restricted workspace or verify filesystem permissions. Overall the footprint is local and file-scoped with no credential or network access, so risks are limited if you validate the workspace and runtime interpreter.
Capability Analysis
Type: OpenClaw Skill
Name: spec-steering-workflow
Version: 1.0.0
The skill bundle implements a structured task-management workflow, but the core automation script, `scripts/specctl.py`, contains a path traversal vulnerability. The script uses the user-provided `spec_id` to construct file paths using `pathlib` without sanitization, which could allow an agent or user to read or write files outside the intended workspace directories (e.g., by providing an absolute path or using `..` sequences). While the workflow and instructions in `SKILL.md` are aligned with legitimate productivity goals, the lack of input validation on file operations is a significant security flaw.
Capability Assessment
Purpose & Capability
Name/description match the implementation: templates, rules, and a helper script (scripts/specctl.py) exist to create and manage spec workspaces, checkpoints, handoffs, and archives. No unrelated credentials, binaries, or network access are requested.
Instruction Scope
Runtime instructions direct the agent to read/write files under workspace paths (specs/active, specs/archive, steering/) and to use scripts/specctl.py for operations — this matches the stated purpose. Note: the helper script computes the workspace by walking three parent directories from its own location (script.parents[3]), which is brittle: if the skill is installed in an unexpected path that calculation could point to a different directory than you expect. Confirm the agent's installation layout and sandbox so files are written only where intended.
Install Mechanism
No install spec or remote downloads; this is an instruction-plus-local-code skill. No external packages are fetched and nothing is written to disk at install time beyond the skill artifact itself.
Credentials
Skill declares no required environment variables or secrets and the code shows no network or secret-access behavior. Minor inconsistency: the bundle does not declare a required runtime (python3) even though scripts/specctl.py is a Python script — the platform likely provides an interpreter but you should verify that the agent environment can execute the script.
Persistence & Privilege
always:false and no requests to modify other skills or system-wide configs. The agent is allowed to invoke the skill autonomously (normal default) and the skill will create and manage files under the workspace only.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install spec-steering-workflow - After installation, invoke the skill by name or use
/spec-steering-workflow - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Introduces the spec-steering-workflow skill for managing long, interruptible, multi-phase tasks with checkpointed progress and recoverable state.
- Defines a default workflow using workspace directories and structured checkpoints (`done`, `blocked`, `failed`).
- Provides commands for lifecycle management via `specctl.py` (init, checkpoint, resume, validate, archive, status).
- Supplies explicit rules for when and how to use this workflow, ensuring state is recoverable and tasks can span multiple sessions.
- Separates references and templates into dedicated directories for clarity and maintainability.
Metadata
Frequently Asked Questions
What is spec steering workflow?
Use a lightweight spec + steering workflow for long, interruptible, multi-phase tasks that need checkpointed progress, recoverable state, and multi-session c... It is an AI Agent Skill for Claude Code / OpenClaw, with 280 downloads so far.
How do I install spec steering workflow?
Run "/install spec-steering-workflow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is spec steering workflow free?
Yes, spec steering workflow is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does spec steering workflow support?
spec steering workflow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created spec steering workflow?
It is built and maintained by whisper1952717 (@whisper1952717); the current version is v1.0.0.
More Skills