← 返回 Skills 市场
kevdogg102396-afk

Spec-First Development

作者 kevdogg102396-afk · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
443
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install spec-first-dev
功能描述
Spec-driven development workflow. Before writing any code, generates a comprehensive SPEC.md covering data models, user flows, API contracts, file structure,...
安全使用建议
This skill is instruction-only and coherent with its purpose: it will read your project files and write SPEC.md in the project root, then wait for your explicit approval before writing implementation code. Before enabling or running it, confirm: (1) the agent's file-sandbox is limited to the intended repository/workspace so it cannot read unrelated files or secrets; (2) you are comfortable granting the agent Read/Write/Bash capabilities in that workspace (Bash can run arbitrary commands, so sandboxing matters); (3) the auto-trigger rules (phrases like 'build me') won't cause unwanted invocations in your environment. Note the SKILL.md mentions running 'Grep' but only lists 'Glob' explicitly — this is likely benign (grep can be run via Bash) but you may ask the author to clarify allowed-tools or explicit shell usage if you need stricter controls.
功能分析
Type: OpenClaw Skill Name: spec-first-dev Version: 1.0.0 The skill is designed for a legitimate development workflow, but it requests `Bash` as an `allowed-tool` in `SKILL.md`. While the current instructions only explicitly suggest using `Grep` (a benign use case for `Bash`), granting arbitrary shell access to an AI agent is a significant security risk. This capability, even without explicit malicious instructions, makes the skill suspicious due to the potential for misuse, prompt injection, or unintended execution of harmful commands, classifying it as a vulnerability rather than intentional malice.
能力评估
Purpose & Capability
Name and description match the instructions: the skill inspects a codebase, produces a SPEC.md, and waits for user approval before implementing. Required resources (none) and declared allowed-tools (Read, Write, Bash, Glob) are appropriate for a spec-generation workflow.
Instruction Scope
Instructions explicitly tell the agent to read the repository (glob/grep) and write SPEC.md to the project root, then pause for explicit user 'go' before any code creation. This is appropriate for the stated purpose. Minor inconsistency: SKILL.md refers to running 'Grep' but the allowed-tools list names 'Glob' (and 'Bash' is present so grep could be invoked via Bash). No instructions attempt to access unrelated system paths or external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be downloaded or written to disk beyond the SPEC.md it is explicitly instructed to create in the project workspace.
Credentials
The skill requests no environment variables, credentials, or config paths. Its filesystem access (reading project files, writing SPEC.md) is proportional to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated platform privileges and does not modify other skills' configuration. Autonomous invocation is allowed by platform default but not a red flag here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install spec-first-dev
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /spec-first-dev 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Introduces version 1.0.0 of the spec-first-dev skill. - Enforces a spec-driven development workflow: generate a detailed SPEC.md before starting any implementation. - Clarifies project intent, audits existing code, and creates specs covering models, flows, APIs, file structure, and edge cases. - Requires explicit user approval of SPEC.md before any coding begins. - Facilitates integration with task-tracking and code review processes. - Helps prevent misaligned builds by forcing clear planning and documentation upfront.
元数据
Slug spec-first-dev
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Spec-First Development 是什么?

Spec-driven development workflow. Before writing any code, generates a comprehensive SPEC.md covering data models, user flows, API contracts, file structure,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 443 次。

如何安装 Spec-First Development?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install spec-first-dev」即可一键安装,无需额外配置。

Spec-First Development 是免费的吗?

是的,Spec-First Development 完全免费(开源免费),可自由下载、安装和使用。

Spec-First Development 支持哪些平台?

Spec-First Development 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Spec-First Development?

由 kevdogg102396-afk(@kevdogg102396-afk)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论