whisper1952717

spec steering workflow

Author: whisper1952717 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 280
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install spec-steering-workflow
Description
Use a lightweight spec + steering workflow for long, interruptible, multi-phase tasks that need checkpointed progress, recoverable state, and multi-session c...
Security usage advice
This skill appears to do what it claims: manage long-running specs via files and a local helper script. Before installing, check these points: 1) Confirm your agent runtime has Python available (specctl.py is a Python script). 2) Confirm where the skill will be installed so the script's workspace calculation (script.parents[3]) resolves to the directory you intend — otherwise it may create or modify files outside the expected sandbox. 3) Because the skill writes and updates files under specs/ and steering/, back up any important workspace data and review created files (meta.json, handoff.md, tasks.md) to ensure state is captured as you expect. 4) If you need stronger isolation, run the skill in a restricted workspace or verify filesystem permissions. Overall the footprint is local and file-scoped with no credential or network access, so risks are limited if you validate the workspace and runtime interpreter.
Functional analysis
Type: OpenClaw Skill
Name: spec-steering-workflow
Version: 1.0.0
The skill bundle implements a structured task-management workflow, but the core automation script, `scripts/specctl.py`, contains a path traversal vulnerability. The script uses the user-provided `spec_id` to construct file paths using `pathlib` without sanitization, which could allow an agent or user to read or write files outside the intended workspace directories (e.g., by providing an absolute path or using `..` sequences). While the workflow and instructions in `SKILL.md` are aligned with legitimate productivity goals, the lack of input validation on file operations is a significant security flaw.
Capability assessment
Purpose & Capability
Name/description match the implementation: templates, rules, and a helper script (scripts/specctl.py) exist to create and manage spec workspaces, checkpoints, handoffs, and archives. No unrelated credentials, binaries, or network access are requested.
Instruction Scope
Runtime instructions direct the agent to read/write files under workspace paths (specs/active, specs/archive, steering/) and to use scripts/specctl.py for operations — this matches the stated purpose. Note: the helper script computes the workspace by walking three parent directories from its own location (script.parents[3]), which is brittle: if the skill is installed in an unexpected path that calculation could point to a different directory than you expect. Confirm the agent's installation layout and sandbox so files are written only where intended.
Install Mechanism
No install spec or remote downloads; this is an instruction-plus-local-code skill. No external packages are fetched and nothing is written to disk at install time beyond the skill artifact itself.
Credentials
Skill declares no required environment variables or secrets and the code shows no network or secret-access behavior. Minor inconsistency: the bundle does not declare a required runtime (python3) even though scripts/specctl.py is a Python script — the platform likely provides an interpreter but you should verify that the agent environment can execute the script.
Persistence & Privilege
always:false and no requests to modify other skills or system-wide configs. The agent is allowed to invoke the skill autonomously (normal default) and the skill will create and manage files under the workspace only.
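How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install spec-steering-workflow
  3. Once installation completes, call the Skill by name or trigger it with /spec-steering-workflow
  4. Provide the necessary input according to the Skill's parameter description to get structured output
Version history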
v1.0.0
- Introduces the spec-steering-workflow skill for managing long, interruptible, multi-phase tasks with checkpointed progress and recoverable state.
- Defines a default workflow using workspace directories and structured checkpoints (`done`, `blocked`, `failed`).
- Provides commands for lifecycle management via `specctl.py` (init, checkpoint, resume, validate, archive, status).
- Supplies explicit rules for when and how to use this workflow, ensuring state is recoverable and tasks can span multiple sessions.
- Separates references and templates into dedicated directories for clarity and maintainability.
Metadata
Slug spec-steering-workflow
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

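What is spec steering workflow?

Use a lightweight spec + steering workflow for long, interruptible, multi-phase tasks that need checkpointed progress, recoverable state, and multi-session c... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 280 downloads to date.

How do I install spec steering workflow?

Run the command "/install spec-steering-workflow" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is spec steering workflow free?

Yes, spec steering workflow is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does spec steering workflow support?

spec steering workflow runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed spec steering workflow?

It is developed and maintained by whisper1952717 (@whisper1952717); the current version is v1.0.0.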
