← 返回 Skills 市场
5skill
作者
zhao202404
· GitHub ↗
· v1.0.0
· MIT-0
110
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install prd-skill2026030303
功能描述
Create and manage Product Requirements Documents with user stories, verifiable acceptance criteria, and ordered implementation tasks.
安全使用建议
This skill's PRD templates and guidance are generally useful for planning, but the runtime documentation contains risky operational instructions. Before using it: (1) Do NOT run the provided 'unattended agentic loop' as-is — it can autonomously modify your repo and run indefinitely. (2) Never use the '--dangerously-skip-permissions' flag or other directives that bypass agent safety checks. (3) Run any agentic execution in an isolated sandbox or throwaway clone, with human review steps enabled. (4) Verify and restrict any CLIs or tokens the agent would need (claude, opencode, git, jq, dev-browser) and add those requirements to the skill metadata. (5) Consider adding explicit human-in-the-loop approval before commits, and back up your repository before testing. If you need the automation, require the skill to declare required binaries/credentials and remove instructions that bypass permissions.
功能分析
Type: OpenClaw Skill
Name: prd-skill2026030303
Version: 1.0.0
The skill bundle defines a framework for managing Product Requirements Documents (PRDs) designed for autonomous AI agents. It is classified as suspicious because the documentation in 'references/agent-usage.md' explicitly encourages users to run AI agents using high-risk configurations, specifically recommending the '--dangerously-skip-permissions' flag with Claude Code. This configuration bypasses all security prompts, creating a significant risk of arbitrary command execution if an agent processes a malicious task within the 'prd.json' file. While the skill itself manages data, it promotes an unsafe execution environment without sufficient warnings.
能力评估
Purpose & Capability
The README and templates are coherent with a PRD/agent-execution workflow: they define prd.json, user stories, and how to track progress. However the SKILL.md and references assume use of CLIs (claude, opencode, git, jq, dev-browser) and autonomous agent execution; the skill metadata declares no required binaries or credentials, which is an omission (missing declared dependencies/tools needed to run the documented flows).
Instruction Scope
The instructions go beyond authoring PRDs: they include an unattended agentic loop (while :; do claude --print --dangerously-skip-permissions ... done) that tells an agent to read prd.json, check out branches, implement code, run tests/typechecks, commit changes, and update progress files. That pattern can autonomously change repositories and the explicit use of '--dangerously-skip-permissions' instructs operators to bypass permissions/safety checks — a clear operational and security risk.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself. That lowers installation risk, but the documentation expects external CLIs and tools to be present.
Credentials
The skill requests no environment variables or credentials, which is good from a secrets-exfiltration perspective. However the instructions assume use of agent CLIs and git operations that normally require local tooling and possibly API tokens; the omission of any declared required credentials/tools is a proportionality/metadata mismatch that could hide important operational prerequisites.
Persistence & Privilege
The skill itself is not marked 'always:true', but the provided agent usage patterns encourage running autonomous, long-running loops that repeatedly invoke agents to edit code and commit changes. Combined with the recommendation to bypass permission checks, this increases blast radius if run unattended. The skill does not request explicit elevated platform privileges, but operational guidance effectively advocates persistent autonomous execution.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install prd-skill2026030303 - 安装完成后,直接呼叫该 Skill 的名称或使用
/prd-skill2026030303触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the prd-2 skill.
- Create and manage Product Requirements Documents (PRDs) in a structured format for feature planning.
- Provides a JSON schema for defining user stories with acceptance criteria, priority, progress tracking, and runtime notes.
- Includes guidance on story sizing, ordering, and writing verifiable acceptance criteria.
- Supports both AI agents and human developers for task management and implementation.
- Quick command references and documentation resources are included for easy adoption.
元数据
常见问题
5skill 是什么?
Create and manage Product Requirements Documents with user stories, verifiable acceptance criteria, and ordered implementation tasks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 5skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install prd-skill2026030303」即可一键安装,无需额外配置。
5skill 是免费的吗?
是的,5skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
5skill 支持哪些平台?
5skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 5skill?
由 zhao202404(@zhao202404)开发并维护,当前版本 v1.0.0。
推荐 Skills