OpenSpec Workflow
Author: Bobby Radford · v1.0.0
Total downloads: 737
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw
/install openspec-workflow
Description
Autonomous spec-driven development with OpenSpec CLI and Claude Code. You orchestrate (draft artifacts, make judgment calls, ship PRs) while Claude Code revi...
Safe usage recommendations
This skill is coherent as an automated spec-driven workflow, but several warning signs deserve attention before installing:
- Metadata mismatch: The skill metadata declares no required binaries or credentials while the SKILL.md expects openspec, claude, gh, git, and an authenticated gh CLI — ask the publisher to update registry fields to reflect real requirements.
- Permission-bypass flag: The guide explicitly runs Claude with --dangerously-skip-permissions and spawns subagents with full repo paths. That gives the implementer broad read/write access and can bypass platform safety checks — only run in repositories you fully control and audit first.
- Credential scope: Limit tokens to least privilege (narrow GitHub repo scopes, avoid org-wide tokens). Prefer ephemeral tokens or require human approval for push/PR creation.
- Audit repo for secrets: Before giving any subagent or external CLI access, scan the repo for secrets or sensitive files that could be exposed by an automated reviewer.
- Operational controls: If you choose to use this skill, require interactive/human confirmation for commits and PR creation, or run in an isolated CI environment. Consider running claude and openspec in a sandbox/worktree instead of on your primary working copy.
If the publisher cannot or will not correct the metadata to list required CLIs and credential needs, treat installation with extra caution or avoid installing into sensitive environments.
Functional analysis
Type: OpenClaw Skill
Name: openspec-workflow
Version: 1.0.0
The skill bundle presents a critical prompt injection vulnerability due to the use of `--dangerously-skip-permissions` when invoking the `claude` CLI in both `SKILL.md` (for implementation) and `references/review-loop.md` (for review). This grants sub-agents unrestricted system access within the working directory. User-controlled artifact content (e.g., `tasks.md`, `proposal.md`) is directly embedded into the prompts for these highly privileged sub-agents, allowing a malicious artifact to execute arbitrary commands, potentially leading to data exfiltration or system compromise. While this is a severe RCE risk, there is no evidence of intentional malicious behavior within the skill bundle itself, classifying it as a critical vulnerability rather than malware.
Capability assessment
Purpose & Capability
The skill's stated purpose (orchestrating OpenSpec + Claude Code workflows) matches the actions described in SKILL.md (drafting artifacts, spawning reviewers, implementing tasks, opening PRs). However, the registry metadata lists no required binaries or credentials while the SKILL.md explicitly requires openspec, claude, gh, and git — a metadata/instruction mismatch that reduces transparency.
Instruction Scope
SKILL.md instructs the agent to spawn reviewers/subagents with full repo path access, let Claude Code read/grep any file in the repository, and to run Claude with --dangerously-skip-permissions and PTY-backed exec. Those instructions grant wide read/write access to repository contents and ask the agent to run commands that bypass normal permission controls — appropriate for an automated implementer but high-risk if untrusted or run in a sensitive repo.
Install Mechanism
There is no install spec and the skill is instruction-only, so nothing will be downloaded or written by the skill bundle itself. This minimizes supply-chain install risk, but the instructions do depend on external CLIs being present on the host (openspec, claude, gh, npm for installation), which the metadata does not declare.
Credentials
The registry asserts no required env vars or credentials, yet SKILL.md requires an authenticated gh CLI (and implicitly a GitHub token for some flows), the claude CLI (which needs credentials), and npm-installed openspec. The workflow and reference GitHub Action also rely on GH_TOKEN/secrets in practice. The skill asks for access to credentials and repo contents without declaring them, which is disproportionate to what's presented in the registry metadata.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. Still, it instructs autonomous invocations (spawn reviewers, run Claude Code) and uses flags that bypass permissions. While autonomous invocation is platform-default, combining that with permission-skipping and subagent repo access increases blast radius — consider limiting autonomy or human confirmation for risky steps.
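How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install openspec-workflow`
- Once installation completes, invoke the Skill by name or trigger it with `/openspec-workflow`
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history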
v1.0.0
Initial release
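FAQ
What is OpenSpec Workflow?
Autonomous spec-driven development with OpenSpec CLI and Claude Code. You orchestrate (draft artifacts, make judgment calls, ship PRs) while Claude Code revi... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 737 cumulative downloads to date.
How do I install OpenSpec Workflow?
Run the command `/install openspec-workflow` in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is OpenSpec Workflow free?
Yes, OpenSpec Workflow is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does OpenSpec Workflow support?
OpenSpec Workflow is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed OpenSpec Workflow?
It is developed and maintained by Bobby Radford (@bobbyradford); the current version is v1.0.0.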