Skip to main content

plan-devex-review

Facilitates a comprehensive review of developer experience plans, enhancing product design and user engagement through targeted insights.

Install this skill

or
0/100

Security score

The plan-devex-review skill was audited on Jun 3, 2026 and we found 80 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 30

Template literal with variable interpolation in command context

SourceSKILL.md
30```bash
medium line 269

Template literal with variable interpolation in command context

SourceSKILL.md
269```bash
medium line 751

Webhook reference - potential data exfiltration

SourceSKILL.md
751- Mentions API endpoints, REST, GraphQL, gRPC, webhooks → **API/Service**
low line 31

Access to hidden dotfiles in home directory

SourceSKILL.md
31_UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true)
low line 33

Access to hidden dotfiles in home directory

SourceSKILL.md
33mkdir -p ~/.gstack/sessions
low line 34

Access to hidden dotfiles in home directory

SourceSKILL.md
34touch ~/.gstack/sessions/"$PPID"
low line 35

Access to hidden dotfiles in home directory

SourceSKILL.md
35_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
low line 36

Access to hidden dotfiles in home directory

SourceSKILL.md
36find ~/.gstack/sessions -mmin +120 -type f -exec rm {} + 2>/dev/null || true
low line 37

Access to hidden dotfiles in home directory

SourceSKILL.md
37_PROACTIVE=$(~/.claude/skills/gstack/bin/gstack-config get proactive 2>/dev/null || echo "true")
low line 38

Access to hidden dotfiles in home directory

SourceSKILL.md
38_PROACTIVE_PROMPTED=$([ -f ~/.gstack/.proactive-prompted ] && echo "yes" || echo "no")
low line 41

Access to hidden dotfiles in home directory

SourceSKILL.md
41_SKILL_PREFIX=$(~/.claude/skills/gstack/bin/gstack-config get skill_prefix 2>/dev/null || echo "false")
low line 45

Access to hidden dotfiles in home directory

SourceSKILL.md
45source <(~/.claude/skills/gstack/bin/gstack-repo-mode 2>/dev/null) || true
low line 48

Access to hidden dotfiles in home directory

SourceSKILL.md
48_LAKE_SEEN=$([ -f ~/.gstack/.completeness-intro-seen ] && echo "yes" || echo "no")
low line 50

Access to hidden dotfiles in home directory

SourceSKILL.md
50_TEL=$(~/.claude/skills/gstack/bin/gstack-config get telemetry 2>/dev/null || true)
low line 51

Access to hidden dotfiles in home directory

SourceSKILL.md
51_TEL_PROMPTED=$([ -f ~/.gstack/.telemetry-prompted ] && echo "yes" || echo "no")
low line 56

Access to hidden dotfiles in home directory

SourceSKILL.md
56mkdir -p ~/.gstack/analytics
low line 58

Access to hidden dotfiles in home directory

SourceSKILL.md
58echo '{"skill":"plan-devex-review","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics
low line 61

Access to hidden dotfiles in home directory

SourceSKILL.md
61for _PF in $(find ~/.gstack/analytics -maxdepth 1 -name '.pending-*' 2>/dev/null); do
low line 63

Access to hidden dotfiles in home directory

SourceSKILL.md
63if [ "$_TEL" != "off" ] && [ -x "~/.claude/skills/gstack/bin/gstack-telemetry-log" ]; then
low line 64

Access to hidden dotfiles in home directory

SourceSKILL.md
64~/.claude/skills/gstack/bin/gstack-telemetry-log --event-type skill_run --skill _pending_finalize --outcome unknown --session-id "$_SESSION_ID" 2>/dev/null || true
low line 71

Access to hidden dotfiles in home directory

SourceSKILL.md
71eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" 2>/dev/null || true
low line 77

Access to hidden dotfiles in home directory

SourceSKILL.md
77~/.claude/skills/gstack/bin/gstack-learnings-search --limit 3 2>/dev/null || true
low line 83

Access to hidden dotfiles in home directory

SourceSKILL.md
83~/.claude/skills/gstack/bin/gstack-timeline-log '{"skill":"plan-devex-review","event":"started","branch":"'"$_BRANCH"'","session":"'"$_SESSION_ID"'"}' 2>/dev/null &
low line 89

Access to hidden dotfiles in home directory

SourceSKILL.md
89_ROUTING_DECLINED=$(~/.claude/skills/gstack/bin/gstack-config get routing_declined 2>/dev/null || echo "false")
medium line 103

Access to hidden dotfiles in home directory

SourceSKILL.md
103`~/.claude/skills/gstack/[skill-name]/SKILL.md` for reading skill files.
medium line 105

Access to hidden dotfiles in home directory

SourceSKILL.md
105If output shows `UPGRADE_AVAILABLE <old> <new>`: read `~/.claude/skills/gstack/gstack-upgrade/SKILL.md` and follow the "Inline upgrade flow" (auto-upgrade if configured, otherwise AskUserQuestion with
low line 114

Access to hidden dotfiles in home directory

SourceSKILL.md
114touch ~/.gstack/.completeness-intro-seen
medium line 131

Access to hidden dotfiles in home directory

SourceSKILL.md
131If A: run `~/.claude/skills/gstack/bin/gstack-config set telemetry community`
medium line 142

Access to hidden dotfiles in home directory

SourceSKILL.md
142If B→A: run `~/.claude/skills/gstack/bin/gstack-config set telemetry anonymous`
medium line 143

Access to hidden dotfiles in home directory

SourceSKILL.md
143If B→B: run `~/.claude/skills/gstack/bin/gstack-config set telemetry off`
low line 147

Access to hidden dotfiles in home directory

SourceSKILL.md
147touch ~/.gstack/.telemetry-prompted
medium line 163

Access to hidden dotfiles in home directory

SourceSKILL.md
163If A: run `~/.claude/skills/gstack/bin/gstack-config set proactive true`
medium line 164

Access to hidden dotfiles in home directory

SourceSKILL.md
164If B: run `~/.claude/skills/gstack/bin/gstack-config set proactive false`
low line 168

Access to hidden dotfiles in home directory

SourceSKILL.md
168touch ~/.gstack/.proactive-prompted
medium line 213

Access to hidden dotfiles in home directory

SourceSKILL.md
213If B: run `~/.claude/skills/gstack/bin/gstack-config set routing_declined true`
low line 270

Access to hidden dotfiles in home directory

SourceSKILL.md
270eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)"
medium line 346

Access to hidden dotfiles in home directory

SourceSKILL.md
346Before building anything unfamiliar, **search first.** See `~/.claude/skills/gstack/ETHOS.md`.
low line 351

Access to hidden dotfiles in home directory

SourceSKILL.md
351jq -n --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" --arg skill "SKILL_NAME" --arg branch "$(git branch --show-current 2>/dev/null)" --arg insight "ONE_LINE_SUMMARY" '{ts:$ts,skill:$skill,branch:$branch,i
low line 390

Access to hidden dotfiles in home directory

SourceSKILL.md
390~/.claude/skills/gstack/bin/gstack-learnings-log '{"skill":"SKILL_NAME","type":"operational","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":N,"source":"observed"}'
medium line 405

Access to hidden dotfiles in home directory

SourceSKILL.md
405`~/.gstack/analytics/` (user config directory, not project files). The skill
low line 414

Access to hidden dotfiles in home directory

SourceSKILL.md
414rm -f ~/.gstack/analytics/.pending-"$_SESSION_ID" 2>/dev/null || true
low line 416

Access to hidden dotfiles in home directory

SourceSKILL.md
416~/.claude/skills/gstack/bin/gstack-timeline-log '{"skill":"SKILL_NAME","event":"completed","branch":"'$(git branch --show-current 2>/dev/null || echo unknown)'","outcome":"OUTCOME","duration_s":"'"$_T
low line 419

Access to hidden dotfiles in home directory

SourceSKILL.md
419echo '{"skill":"SKILL_NAME","duration_s":"'"$_TEL_DUR"'","outcome":"OUTCOME","browse":"USED_BROWSE","session":"'"$_SESSION_ID"'","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' >> ~/.gstack/analytics/skill-
low line 422

Access to hidden dotfiles in home directory

SourceSKILL.md
422if [ "$_TEL" != "off" ] && [ -x ~/.claude/skills/gstack/bin/gstack-telemetry-log ]; then
low line 423

Access to hidden dotfiles in home directory

SourceSKILL.md
423~/.claude/skills/gstack/bin/gstack-telemetry-log \
medium line 442

Access to hidden dotfiles in home directory

SourceSKILL.md
442- Writing to `~/.gstack/` (config, analytics, review logs, design artifacts, learnings)
medium line 483

Access to hidden dotfiles in home directory

SourceSKILL.md
483~/.claude/skills/gstack/bin/gstack-review-read
medium line 637

Access to hidden dotfiles in home directory

SourceSKILL.md
637\`~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md\`
low line 677

Access to hidden dotfiles in home directory

SourceSKILL.md
677SLUG=$(~/.claude/skills/gstack/browse/bin/remote-slug 2>/dev/null || basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)")
low line 679

Access to hidden dotfiles in home directory

SourceSKILL.md
679DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-design-*.md 2>/dev/null | head -1)
low line 680

Access to hidden dotfiles in home directory

SourceSKILL.md
680[ -z "$DESIGN" ] && DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-design-*.md 2>/dev/null | head -1)
medium line 714

Access to hidden dotfiles in home directory

SourceSKILL.md
714Read the `/office-hours` skill file at `~/.claude/skills/gstack/office-hours/SKILL.md` using the Read tool.
low line 737

Access to hidden dotfiles in home directory

SourceSKILL.md
737SLUG=$(~/.claude/skills/gstack/browse/bin/remote-slug 2>/dev/null || basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)")
low line 739

Access to hidden dotfiles in home directory

SourceSKILL.md
739DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-$BRANCH-design-*.md 2>/dev/null | head -1)
low line 740

Access to hidden dotfiles in home directory

SourceSKILL.md
740[ -z "$DESIGN" ] && DESIGN=$(ls -t ~/.gstack/projects/$SLUG/*-design-*.md 2>/dev/null | head -1)
medium line 894

Access to hidden dotfiles in home directory

SourceSKILL.md
894Load the "## Pass 1" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`
low line 1087

Access to hidden dotfiles in home directory

SourceSKILL.md
1087_CROSS_PROJ=$(~/.claude/skills/gstack/bin/gstack-config get cross_project_learnings 2>/dev/null || echo "unset")
low line 1090

Access to hidden dotfiles in home directory

SourceSKILL.md
1090~/.claude/skills/gstack/bin/gstack-learnings-search --limit 10 --cross-project 2>/dev/null || true
low line 1092

Access to hidden dotfiles in home directory

SourceSKILL.md
1092~/.claude/skills/gstack/bin/gstack-learnings-search --limit 10 2>/dev/null || true
medium line 1107

Access to hidden dotfiles in home directory

SourceSKILL.md
1107If A: run `~/.claude/skills/gstack/bin/gstack-config set cross_project_learnings true`
medium line 1108

Access to hidden dotfiles in home directory

SourceSKILL.md
1108If B: run `~/.claude/skills/gstack/bin/gstack-config set cross_project_learnings false`
low line 1125

Access to hidden dotfiles in home directory

SourceSKILL.md
1125eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)"
low line 1126

Access to hidden dotfiles in home directory

SourceSKILL.md
1126~/.claude/skills/gstack/bin/gstack-review-read 2>/dev/null | grep plan-devex-review || echo "NO_PRIOR_DX_REVIEWS"
medium line 1145

Access to hidden dotfiles in home directory

SourceSKILL.md
1145Load reference: Read the "## Pass 1" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1174

Access to hidden dotfiles in home directory

SourceSKILL.md
1174Load reference: Read the "## Pass 2" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1198

Access to hidden dotfiles in home directory

SourceSKILL.md
1198Load reference: Read the "## Pass 3" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1223

Access to hidden dotfiles in home directory

SourceSKILL.md
1223Load reference: Read the "## Pass 4" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1239

Access to hidden dotfiles in home directory

SourceSKILL.md
1239Load reference: Read the "## Pass 5" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1257

Access to hidden dotfiles in home directory

SourceSKILL.md
1257Load reference: Read the "## Pass 6" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1275

Access to hidden dotfiles in home directory

SourceSKILL.md
1275Load reference: Read the "## Pass 7" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1291

Access to hidden dotfiles in home directory

SourceSKILL.md
1291Load reference: Read the "## Pass 8" section from `~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1309

Access to hidden dotfiles in home directory

SourceSKILL.md
1309`~/.claude/skills/gstack/plan-devex-review/dx-hall-of-fame.md`.
medium line 1352

Access to hidden dotfiles in home directory

SourceSKILL.md
1352"IMPORTANT: Do NOT read or execute any files under ~/.claude/, ~/.agents/, .claude/skills/, or agents/. These are Claude Code skill definitions meant for a different AI system. They contain bash scrip
low line 1441

Access to hidden dotfiles in home directory

SourceSKILL.md
1441~/.claude/skills/gstack/bin/gstack-review-log '{"skill":"codex-plan-review","timestamp":"'"$(date -u +%Y-%m-%dT%H:%M:%SZ)"'","status":"STATUS","source":"SOURCE","commit":"'"$(git rev-parse --short HEA
medium line 1583

Access to hidden dotfiles in home directory

SourceSKILL.md
1583`~/.gstack/` (user config directory, not project files).
low line 1586

Access to hidden dotfiles in home directory

SourceSKILL.md
1586~/.claude/skills/gstack/bin/gstack-review-log '{"skill":"plan-devex-review","timestamp":"TIMESTAMP","status":"STATUS","initial_score":N,"overall_score":N,"product_type":"TYPE","tthw_current":"TTHW_CUR
low line 1598

Access to hidden dotfiles in home directory

SourceSKILL.md
1598~/.claude/skills/gstack/bin/gstack-review-read
low line 1722

Access to hidden dotfiles in home directory

SourceSKILL.md
1722~/.claude/skills/gstack/bin/gstack-learnings-log '{"skill":"plan-devex-review","type":"TYPE","key":"SHORT_KEY","insight":"DESCRIPTION","confidence":N,"source":"SOURCE","files":["path/to/relevant/file"
low line 109

External URL reference

SourceSKILL.md
109thing when AI makes the marginal cost near-zero. Read more: https://garryslist.org/posts/boil-the-ocean"
low line 113

External URL reference

SourceSKILL.md
113open https://garryslist.org/posts/boil-the-ocean
Scanned on Jun 3, 2026
View Security Dashboard
Installation guide →
GitHub Stars 4
Rate this skill
Categoryproduct
UpdatedJune 15, 2026
openclawapiproduct-managerux-designergrowth-pmbackend-developerdevops-sreproductdesigndevelopment
forbotsake/forbotsake