← Back to Skills Marketplace
702
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install solo-validate
Description
Score startup idea through S.E.E.D. niche check + STREAM 6-layer analysis + Devil's Advocate inversion, auto-pick stack, and generate PRD with acceptance cri...
Usage Guidance
This skill appears coherent and reasonably low-risk, but review these practical considerations before installing or running:
- It will read local markdown/docs (manifest, research.md, etc.) and may write generated PRDs to the project. Run it in a workspace that doesn't contain sensitive or private documents you don't want scanned or modified.
- The skill performs web searches and (if available) will use MCP KB/project/web search tools; it does not send data to unknown external endpoints beyond normal web search. Still review any output before sharing externally.
- Because Read/Grep/Bash/Write/Edit are allowed, the agent could modify files — back up important repo content or run in an isolated copy if you want to prevent accidental changes.
- No credentials or installs are requested, so there's no secret-exfiltration signal in the manifest. If you later add MCP tools that provide access to additional data sources, consider whether those tools should be restricted.
If you want extra caution: try the skill on a small, non-sensitive idea first and inspect generated files and logs to confirm behavior matches expectations.
Capability Analysis
Type: OpenClaw Skill
Name: solo-validate
Version: 2.1.1
The `solo-validate` skill, while designed for a legitimate purpose, is classified as suspicious due to the presence of a significant shell injection vulnerability. Specifically, in `SKILL.md` (Step 2), the agent is instructed to 'Grep for idea keywords' using user-provided `$ARGUMENTS`. If the underlying agent's `Grep` or `Bash` execution does not properly sanitize this user input, it could allow an attacker to execute arbitrary shell commands. The skill also allows `Write` operations to `docs/prd.md`, which, while intended for legitimate document generation, could be a vector for content injection if not handled robustly. There is no evidence of intentional malicious behavior such as data exfiltration, persistence, or unauthorized remote control.
Capability Assessment
Purpose & Capability
The name/description (idea validation, PRD generation, STREAM/S.E.E.D./Manifest checks) align with the skill's requests and capabilities: it uses local .md searches, bundled reference documents, web searches, and optional MCP KB/project/web search tools. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md confines searches to markdown/docs and uses web searches and bundled references for analysis, which is appropriate. Caveat: allowed-tools include Read/Grep/Bash/Write/Edit — the instructions do ask the agent to read and potentially write project files (search .md, look for research.md, generate PRD). This is coherent for a validation/PRD skill but means it will access and may modify repository docs; confirm you want that behavior in the current workspace before running.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk persistence and arbitrary code execution risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill's use of MCP-specific tools is optional and appropriate; nothing asks for unrelated secrets or cloud credentials.
Persistence & Privilege
always is false and the skill is user-invocable. It may write PRD files (Write/Edit are allowed) but does not request system-wide or other-skills' configuration changes. Autonomous invocation is allowed by platform default but not granted elevated 'always' presence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install solo-validate - After installation, invoke the skill by name or use
/solo-validate - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
Universalize: remove project-specific references, add SearXNG recommendation
v2.1.0
Initial publish
Metadata
Frequently Asked Questions
What is Validate?
Score startup idea through S.E.E.D. niche check + STREAM 6-layer analysis + Devil's Advocate inversion, auto-pick stack, and generate PRD with acceptance cri... It is an AI Agent Skill for Claude Code / OpenClaw, with 702 downloads so far.
How do I install Validate?
Run "/install solo-validate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Validate free?
Yes, Validate is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Validate support?
Validate is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Validate?
It is built and maintained by Rust (@fortunto2); the current version is v2.1.1.
More Skills