Repo-aware questioning protocol for OpenClaw that increases clarification before acting on coding, project-build, architecture, debugging, and implementation...
Security Analysis
high confidenceThe skill's files, instructions, and required inputs are coherent with its stated purpose: a repo-aware questioning protocol that inspects local repo state and generates question reports before acting.
The name/description (repo-aware questioning for coding/build tasks) matches the included assets and scripts: planner.py, render_project_structure.py, preview/validate scripts, and bundled profiles. There are no unrelated requirements (no cloud credentials, no system-level config paths) that would contradict the stated purpose.
SKILL.md explicitly instructs the agent to load repo-local config (e.g. .asking-until-100.yaml), inspect the repo when relevant, and generate structured question reports. The shipped scripts implement repo inspection, profile merging, structure rendering, and validation. The instructions and code reference only local repo files and bundled profile assets; they do not attempt to read unrelated system state, secrets, or external endpoints.
No install spec is provided (instruction-only), and all code is bundled with the skill. There are no downloads or external installers referenced in the manifest, so nothing arbitrary is fetched at install time.
The skill declares no required environment variables or primary credential. The code and profiles include references to a 'secrets' readiness dimension but do not request or access environment secrets directly. The requested inputs are proportional to a repo-aware questioning tool.
always is false and the skill is user-invocable. It does not request persistent or elevated privileges, and there is no indication it modifies other skills or system-wide agent settings.
Guidance
This skill appears to do what it claims: inspect the local repo and produce structured clarification questions and reports before making changes. Before installing or enabling it: (1) review any repo-local .asking-until-100.yaml you may have to ensure it doesn't contain secrets or sensitive tokens, (2) glance through the bundled scripts (render_project_structure.py, planner.py, validate_config.py) to confirm they only read local files (they do) and do not call external networks, and (3) be aware that the agent may read your workspace files when you invoke this skill — avoid storing sensitive credentials in the repo if you don't want them inspected. If the skill later requested network endpoints, environment tokens, or an install hook that downloads code, re-evaluate as those would be out-of-scope for a questioning/reporting tool.
Latest Release
v0.1.0
- Initial release of the "asking-until-100" skill for OpenClaw. - Introduces structured questioning protocol to clarify tasks before execution, focusing on coding, build, architecture, and debugging. - Implements readiness estimation and adjustable questioning modes (fast, guided, deep, report) based on ambiguity and rigor. - Enforces high-rigor question reports for critical coding/build tasks, including provisional project structure and decision-critical unknowns. - Integrates repo awareness to avoid unnecessary questions and references supporting scripts and configuration options.
More by @Hongyi3
Published by @Hongyi3 on ClawHub
