← Back to Skills Marketplace
Workspace Standard
by
marcus-daemon
· GitHub ↗
· v1.0.0
636
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install workspace-standard
Description
Set up and maintain a structured OpenClaw workspace with project boundaries, role-based file taxonomy, and memory budgets. Use when: (1) bootstrapping a new...
Usage Guidance
This skill appears coherent and limited to local workspace organization. Before installing or running the scripts: (1) review the two shell scripts to confirm you understand what they create; (2) run them in a git-tracked workspace (so you can inspect and revert changes with git); (3) avoid using --force unless you intend to overwrite templates; (4) if you choose the README's curl/git install routes, verify the URLs are correct (they point to GitHub raw content) before executing; (5) remember the agent may autonomously consult this skill when deciding where to write files — if you prefer to control changes manually, avoid granting the agent unrestricted autonomous actions.
Capability Analysis
Type: OpenClaw Skill
Name: workspace-standard
Version: 1.0.0
The skill bundle contains shell injection vulnerabilities in `scripts/workspace-audit.sh` and `scripts/workspace-init.sh`. In `workspace-init.sh`, command-line arguments like `--project NAME` and `--path DIR` are directly used in `mkdir -p` and `echo` commands without sanitization, allowing arbitrary command execution if `NAME` or `DIR` contain shell metacharacters. Similarly, `workspace-audit.sh` uses values extracted from `.workspace-standard.yml` (e.g., `PROJ_SUBDIRS`) and markdown front-matter (e.g., `updated` date) directly in shell commands (`for` loops, `date -d`), creating potential RCE vectors if these inputs are controlled by an attacker. While the skill's stated purpose is benign workspace management, these vulnerabilities could be exploited to execute arbitrary commands on the host system.
Capability Assessment
Purpose & Capability
The name/description promise tooling to bootstrap and audit a workspace; the included scripts only create directories/files and scan local files for front-matter, budgets, and stale dates. No unrelated credentials, binaries, or external services are required.
Instruction Scope
SKILL.md and README instruct the agent (and user) to run the provided init and audit scripts against the local workspace. The scripts only read or write local workspace files and a local optional config (.workspace-standard.yml). They do not collect or transmit data externally, nor do they access environment variables beyond local config parsing and standard shell utilities.
Install Mechanism
There is no packaged install spec (instruction-only). The README suggests optional downloads from raw.githubusercontent.com (a known host) or cloning a GitHub repo; these are documented user actions and not performed automatically by the skill. No archive extraction or remote executables are installed by the skill itself.
Credentials
The skill declares no required env vars, no credentials, and no config paths beyond an optional .workspace-standard.yml in the workspace root. The scripts do not attempt to read secrets or external tokens.
Persistence & Privilege
Registry flags are default (always:false, agent-autonomy allowed). The skill creates files and directories within the workspace (including a skills/ directory) but does not modify other skills' configs or system-wide settings. Note: the init script will overwrite files only when --force is passed, so review before using --force.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install workspace-standard - After installation, invoke the skill by name or use
/workspace-standard - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: 7-role taxonomy, configurable via .workspace-standard.yml, workspace-tree.sh visualiser, roles guide, full README
Metadata
Frequently Asked Questions
What is Workspace Standard?
Set up and maintain a structured OpenClaw workspace with project boundaries, role-based file taxonomy, and memory budgets. Use when: (1) bootstrapping a new... It is an AI Agent Skill for Claude Code / OpenClaw, with 636 downloads so far.
How do I install Workspace Standard?
Run "/install workspace-standard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Workspace Standard free?
Yes, Workspace Standard is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Workspace Standard support?
Workspace Standard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Workspace Standard?
It is built and maintained by marcus-daemon (@marcus-daemon); the current version is v1.0.0.
More Skills