
      Safety Report

      Php Full Stack Developer

      @sja-dev1

      A senior, governance-backed PHP full-stack delivery OS for OpenClaw. Emphasizes pre-flight analysis, safe data changes, explicit contracts, and reproducible verification.

      1,884 Downloads
      6 Installs
      4 Stars
      1 Version
      DevOps & Infrastructure (1,045) · Legal & Compliance (738)

      Security Analysis

      medium confidence
      Suspicious · 0.08 risk

      The skill is largely coherent with a senior PHP delivery “governance” helper, but its runtime instructions direct the agent to read and write user workspace memory files (e.g., ~/.openclaw/workspace/*) while the registry metadata declares no required config paths. That mismatch deserves review before installing.

      Feb 11, 2026 · 13 files · 3 concerns

      Purpose & Capability: note

      The name/description (senior PHP full-stack governance OS) matches the included guidance, templates, and logging files. The skill does not request unrelated credentials or packages. However, INFO_RUNTIME explicitly instructs reading workspace memory files under ~/.openclaw/workspace, while the registry metadata declares no required config paths; that mismatch should be explained.

      Instruction Scope: concern

      SKILL.md and INFO_RUNTIME instruct the agent to open specific workspace files (SOUL.md, USER.md, MEMORY.md, daily memory files) and to load/write LOG_*.md files. Those files can contain user context, PII, or secrets; the instructions do not limit what to extract or explicitly require user consent before reading. Although this behavior is consistent with a governance/context skill, it broadens the agent's data access and should be made explicit to end users.

      Install Mechanism: ok

      No install spec and no code files — the skill is instruction-only, which minimizes install-time risk (nothing is downloaded or executed on disk).

      Credentials: note

      The skill requests no environment variables or external credentials (proportionate). However, it expects to read and write workspace files and logs; those file access requirements are not declared in the metadata as required config paths, an omission that affects proportionality and consent.

      Persistence & Privilege: ok

      always:false (normal). The skill is allowed to be invoked autonomously by the agent (disable-model-invocation:false), which is platform default. Combined with the skill's instructions to read/write workspace memory, autonomous invocation increases blast radius — worth noting but not by itself a blocker.

      Guidance

      This skill is a Markdown-only governance and process helper for PHP work and appears coherent with that purpose. However:

      1) INFO_RUNTIME tells the agent to open ~/.openclaw/workspace/* files (SOUL.md, USER.md, MEMORY.md, daily memory files) and to read/write LOG_*.md files; those files may contain PII, credentials, or other sensitive context.
      2) The registry metadata does not declare any required config paths, so the skill's intended file access is not made explicit in its manifest.

      Before installing:

      - Inspect the contents of your ~/.openclaw/workspace files (USER.md, MEMORY.md, SOUL.md) to ensure they contain no secrets or PII you don't want an invoked skill to read.
      - Consider running the skill in a sandbox or with limited file permissions first.
      - Ask the publisher to update the metadata to declare required config paths and make the read/write behavior explicit, or to add explicit user-consent prompts before reading workspace memory.
      - If you plan to allow autonomous invocation, be aware that the skill can be triggered to access workspace files during agent runs; require explicit user approval for sensitive tasks.

      If you want, I can (a) list the exact lines in INFO_RUNTIME/SKILL.md that reference workspace files and logging, or (b) suggest a minimal manifest change to declare those config paths.

      Latest Release

      v0.1.0

      - Initial release of the php-full-stack-developer skill for OpenClaw.
      - Provides a senior-level delivery OS focused on pre-flight analysis, safe data changes, and explicit API/data contracts.
      - Implements clear trigger conditions for when to apply the skill, emphasizing engineering work that affects security, data, or deployment.
      - Introduces structured prompting principles: pre-flight checks, minimum required clarifications, and always includes test instructions.
      - Enforces stop-work rules for unclear auth, risky DB/API changes, and missing rollout/rollback steps.
      - Requires governance checks before executing or logging significant work.


      Published by @sja-dev1 on ClawHub
