← Back to Skills Marketplace
antonia-sz

AI 项目评估助手

by antonia huang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
434
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install project-evaluator
Description
描述一个项目想法,AI 从市场/技术/商业/风险四个维度系统评估, 输出评估报告、竞品速查、MVP建议,帮你决策「值不值得做」。
Usage Guidance
This skill runs a local Python script that sends your project text and a Bearer API key to an LLM HTTP endpoint (default: https://api.deepseek.com). Before installing or using it: (1) Inspect the code (you already have it) and confirm you trust the API_BASE domain. (2) Do not set your production OPENAI_API_KEY unless you intend that key to be sent to the configured API_BASE; prefer creating a dedicated key for this tool or set API_BASE to your trusted provider. (3) Update or ask the publisher to include the required env vars (OPENAI_API_KEY/DEEPSEEK_API_KEY) in the skill metadata so users are not surprised. (4) If unsure about the endpoint, run the script in a sandboxed environment or monitor outbound network calls. These mismatches (undocumented required creds and an unfamiliar default API host) are why this is rated 'suspicious' rather than 'benign.'
Capability Analysis
Type: OpenClaw Skill Name: project-evaluator Version: 1.0.0 The skill is designed to evaluate project ideas using an LLM, but it contains significant security vulnerabilities. The `SKILL.md` file provides an `exec` command template that is vulnerable to shell injection because it passes user-provided project descriptions directly into a shell command via the `--idea` flag. Additionally, `scripts/evaluate_project.py` allows writing output to arbitrary file paths provided by the user, which could lead to unauthorized file overwrites. While the logic appears intended for its stated purpose, these flaws represent a high risk of remote code execution and system compromise.
Capability Assessment
Purpose & Capability
The code and SKILL.md align with the stated purpose: they call an LLM to generate an evaluation report. However, the skill metadata declares no required environment variables or primary credential while both the README and the script expect an API key (OPENAI_API_KEY or DEEPSEEK_API_KEY). That omission is an incoherence that can mislead users about what secrets are needed.
Instruction Scope
SKILL.md instructs running the included script; the script only takes the idea/context and writes an output file. It does not read unrelated local files. But the script reads environment variables for API credentials and an API base URL — the SKILL.md does not explicitly warn that you'll need to provide an API key or that the key will be sent to the configured API_BASE.
Install Mechanism
No install spec and only a small Python script are included. There is no network installer or archive download. Risk from installation is low.
Credentials
The script requires an LLM API key (OPENAI_API_KEY or DEEPSEEK_API_KEY) and will send it as a Bearer token to API_BASE. The skill metadata does not declare this required credential (primaryEnv none). Additionally, the default API_BASE is https://api.deepseek.com — an unfamiliar third-party domain. If a user sets OPENAI_API_KEY expecting requests to OpenAI, that key would be sent to deepseek.com unless API_BASE is changed, which could leak credentials to an unexpected endpoint.
Persistence & Privilege
The skill has no 'always' privilege and does not request persistent system-wide configuration. It does not modify other skills or system settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install project-evaluator
  3. After installation, invoke the skill by name or use /project-evaluator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
初版发布
Metadata
Slug project-evaluator
Version 1.0.0
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is AI 项目评估助手?

描述一个项目想法,AI 从市场/技术/商业/风险四个维度系统评估, 输出评估报告、竞品速查、MVP建议,帮你决策「值不值得做」。 It is an AI Agent Skill for Claude Code / OpenClaw, with 434 downloads so far.

How do I install AI 项目评估助手?

Run "/install project-evaluator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI 项目评估助手 free?

Yes, AI 项目评估助手 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AI 项目评估助手 support?

AI 项目评估助手 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AI 项目评估助手?

It is built and maintained by antonia huang (@antonia-sz); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments