← 返回 Skills 市场
977
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install subagent-development
功能描述
Use when executing implementation plans with independent tasks in the current session
安全使用建议
Before installing or running this skill, consider the following: (1) It expects to read and modify your repository (run tests, commit). Only enable it in a controlled environment (e.g., a sandbox repo, feature branch, or fork). (2) Ask where 'TodoWrite' and 'superpowers' integrations communicate and whether API tokens will be required; do not provide your main account tokens—use a dedicated, limited-permission service account if needed. (3) Require human-in-the-loop or restrict autonomous actions (prevent automatic commits or make subagents produce patches for manual review). (4) Audit commits made by any subagents and review their diffs before merging. (5) If you lack confidence about hidden endpoints or required credentials, test the skill locally with network access disabled or run it against a throwaway repository first. If you plan to grant git/CI credentials, grant least privilege and rotate tokens after testing.
功能分析
Type: OpenClaw Skill
Name: subagent-development
Version: 1.0.0
The skill's core logic, as defined in SKILL.md and the prompt templates, appears benign, focusing on structured AI agent-driven software development and review processes. However, the `README.md` file contains an installation instruction (`npx add https://github.com/wpank/ai/tree/main/skills/meta/subagent-development`) that fetches and executes code directly from a remote GitHub URL. While a common installation pattern, this presents a significant supply chain vulnerability, as a compromise of the remote repository could lead to arbitrary code execution on the user's system during installation. This constitutes a risky capability without clear malicious intent within the skill's operational code itself, thus classifying it as suspicious.
能力评估
Purpose & Capability
The name/description (subagent-driven development) match the instructions: orchestrating implementer/spec/quality-reviewer subagents to implement tasks, run tests, and commit changes. However, the skill expects access to a code workspace, git operations, and platform tooling (e.g., 'superpowers' tools and TodoWrite) while the registry metadata declares no required binaries, env vars, or config paths. That omission is notable but could be an omission rather than malicious intent.
Instruction Scope
SKILL.md and templates explicitly tell subagents to read plan files and implementation code, run tests, make commits, perform self-reviews, and 'Mark task complete in TodoWrite.' Those actions involve reading and modifying repository files and interacting with external services. The instructions do not include any steps that explicitly exfiltrate secrets, but they do give broad discretion to subagents to change code and call external platform services that are not fully specified.
Install Mechanism
Instruction-only skill with no install spec or downloaded code. That lowers disk/remote-install risk — nothing is pulled or executed by an install step.
Credentials
The skill declares no required environment variables or credentials, yet its workflow implies needing repo access (git credentials), and access to platform-specific services (TodoWrite and 'superpowers' tools). These credentials/configs are not listed in requires.env or required config paths, creating a mismatch that could hide necessary permissions or external endpoints the subagents will use.
Persistence & Privilege
always is false (normal). The skill relies on dispatching autonomous subagents to perform many automated actions (commits, tests, external notifications). Autonomous invocation is platform-default and not flagged by itself, but combined with the other concerns this means the agent could automatically make persistent changes unless you limit permissions or require human approval.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install subagent-development - 安装完成后,直接呼叫该 Skill 的名称或使用
/subagent-development触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of subagent-driven-development skill.
- Establishes a workflow for executing implementation plans with independent tasks using a fresh subagent per task.
- Implements a two-stage review process: spec compliance review followed by code quality review for each task.
- Provides clear, step-by-step process diagrams and example workflow.
- Includes installation instructions and guidance on when to use this approach.
- Highlights advantages such as faster iteration, continuous progress, and built-in quality gates.
元数据
常见问题
Subagent Development 是什么?
Use when executing implementation plans with independent tasks in the current session. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 977 次。
如何安装 Subagent Development?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install subagent-development」即可一键安装,无需额外配置。
Subagent Development 是免费的吗?
是的,Subagent Development 完全免费(开源免费),可自由下载、安装和使用。
Subagent Development 支持哪些平台?
Subagent Development 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Subagent Development?
由 wpank(@wpank)开发并维护,当前版本 v1.0.0。
推荐 Skills