project-assistant
by Northcipher · GitHub ↗ · v1.0.0 · MIT-0
Downloads: 351 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install project-assistant
Description
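A project initialization and intelligent analysis tool. Use it when the user asks to initialize a new project, analyze a project's structure, or ask questions about a project. Trigger words: 初始化项目 (initialize project), init, 分析项目 (analyze project), 项目问答 (project Q&A).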
Usage Guidance
Before installing or enabling this skill:
1) Inspect SKILL.md, scripts/feishu_doc_manager.py and scripts/analyzers/env_scanner.py to understand what data is read, logged, or transmitted.
2) Be cautious storing any API tokens or secrets: the skill stores config in config.json (cross-session) and supports Feishu tokens. Only add tokens if you trust the code and destination.
3) If you plan to run it on sensitive repositories, run it in a sandbox or on a copy without secrets (or remove .env and credentials first).
4) Remove or review any unicode/control characters in SKILL.md (they could be a prompt-injection artifact).
5) If you need guarantees about data exfiltration, require explicit declarations of external endpoints and audit the network behavior of feishu_doc_manager before providing tokens.
If you want me to, I can scan the specific files (feishu_doc_manager.py, env_scanner.py, qa_doc_manager.py) and summarize any external network calls, data serialization, or obvious secret-handling code.
Capability Analysis
Type: OpenClaw Skill
Name: project-assistant
Version: 1.0.0
The bundle is a highly capable project analysis tool that includes several high-risk 'dual-use' features. Specifically, 'scripts/analyzers/env_scanner.py' is designed to scan the entire project for sensitive secrets, including OpenAI API keys, AWS credentials, and private keys, while 'scripts/analyzers/ipc_analyzer.py' maps out system-level communication interfaces. While these are framed as developer aids, they facilitate the aggregation of sensitive data. Additionally, multiple parsers (e.g., 'manifest_parser.py' and 'maven_parser.py') utilize the 'xml.etree.ElementTree' library, which is inherently vulnerable to XML External Entity (XXE) attacks. No evidence of intentional data exfiltration was found, but the combination of secret harvesting and vulnerable parsing logic warrants a suspicious classification.
Capability Assessment
Purpose & Capability
Name/description align with the included code: the repo contains many Python scripts for detection, analyzers, QA document management and Feishu integration and the skill only requires python3. However README/SKILL.md mention Feishu tokens (feishu.doc_token, etc.) and cross-session config storage (config.json) but the skill's declared requirements list no environment variables — the feature is supported via stored config rather than explicit declared env vars. That's plausible but worth calling out because credentials may be stored in config.json rather than passed as env vars.
Instruction Scope
SKILL.md instructs the agent to scan a project directory, read and update .claude/project.md, and run many local analyzers (detector, cache manager, qa_doc_manager, feishu_doc_manager, env_scanner, call-chain analyzer). Those analyzers can read arbitrary project files (including .env, config files, and source), and the env_scanner module is present, which may detect or expose environment variables or secrets. SKILL.md was also flagged for Unicode control characters (a prompt-injection indicator), which could be an attempt to influence runtime behavior. The instructions do not explicitly warn users about scanning for secrets or external transmission of generated reports.
Install Mechanism
No install spec (instruction-only) and required runtime is just python3. Code is provided with the skill (many Python scripts) and will be executed locally; there is no suspicious remote download/install mechanism in the manifest.
Credentials
The skill declares no required environment variables (good), but supports storing arbitrary configuration (config.json) and references Feishu integration in README/SKILL.md. Feishu tokens are referenced in docs (feishu.doc_token, etc.) and could be stored in config.json via the config_manager. The ability to store arbitrary custom keys (custom.*) means secrets could be persisted across sessions; this is functionally coherent but sensitive and not made explicit in the top-level requirements.
Persistence & Privilege
always:false (normal). The skill persists configuration to config.json in its baseDir (documented) to enable cross-session settings. It does not request global system modifications or 'always' inclusion. However cross-session stored config can contain tokens/keys — the skill is allowed to persist data within its own directory.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install project-assistant
- After installation, invoke the skill by name or use /project-assistant
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of project-assistant.
- Provides project initialization and intelligent Q&A support for 50+ project types.
- Supports role-based analysis (architect, developer, manager, tester, DevOps).
- Includes command system for config management, project init, Q&A docs, and Feishu integration.
- Implements step-by-step flow: detect project, check docs, cache, search Q&A, answer, and document.
- Modular structure with extensible guides and submodules.
- Requires Python 3.6+ (Git and PyYAML optional).
Frequently Asked Questions
What is project-assistant?
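A project initialization and intelligent analysis tool. Use it when the user asks to initialize a new project, analyze a project's structure, or ask questions about a project. Trigger words: 初始化项目 (initialize project), init, 分析项目 (analyze project), 项目问答 (project Q&A). It is an AI Agent Skill for Claude Code / OpenClaw, with 351 downloads so far.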
How do I install project-assistant?
Run "/install project-assistant" in the OpenClaw or Claude Code chat to install it in one step; no extra setup is required.
Is project-assistant free?
Yes, project-assistant is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does project-assistant support?
project-assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created project-assistant?
It is built and maintained by Northcipher (@northcipher); the current version is v1.0.0.