forestxiecode

Project Code Standard

by forestxieCode · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
Downloads: 406
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install project-code-standard
Description
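This skill checks, enforces, and fixes project code standards. It activates when the user needs to establish a code style standard for a project, check whether code conforms to the standard, automatically fix formatting issues, generate a code quality report, or verify during Code Review that a commit meets the team's standards. Supports Python (PEP8/black/ruff), JavaScript/TypeScript (E...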
Usage Guidance
This SKILL.md describes reasonable code-quality actions, but it does not include the helper scripts or assets it references. Before installing or invoking the skill, verify where scripts/check_python.py, scripts/check_js.py, scripts/check_general.py and the assets/ templates are expected to come from. If the agent will execute scripts inside your repository, inspect those scripts manually first (or run the skill in a sandboxed copy of the repo). Ensure linters (ruff, black, eslint, prettier) are installed from trusted sources. Be especially cautious about allowing automatic fixes: confirm the skill asks for explicit user permission before modifying files, and consider disabling autonomous execution of fix steps until you have reviewed the tooling and scripts.
Capability Analysis
Type: OpenClaw Skill
Name: project-code-standard
Version: 0.1.0

The skill's stated purpose is benign (code quality checks and formatting). However, the `SKILL.md` instructions for the AI agent involve executing shell commands with user-controlled input, specifically `<target_path>` in commands like `python scripts/check_python.py <target_path> --output markdown`. If the OpenClaw agent does not properly sanitize or quote this input before execution, it creates a significant shell injection vulnerability, potentially leading to arbitrary command execution. While there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoors), this critical vulnerability warrants a 'suspicious' classification.
Capability Assessment
Purpose & Capability
The skill description (linting/formatting for Python and JS/TS) matches the runtime commands (ruff, eslint, black, prettier) and the described flows. However, SKILL.md repeatedly references helper scripts (e.g., python scripts/check_python.py, scripts/check_js.py, scripts/check_general.py) and an assets/ directory for templates that are NOT provided by the skill package. It's unclear whether those scripts are expected to already exist in the user's project, provided by a separate install step, or omitted — this is an inconsistency between claimed capability and what's actually packaged.
Instruction Scope
Instructions stay within the domain of code-quality checks (inspect repo root, run linters, optionally fix files, produce a markdown report). They explicitly say to avoid overwriting existing configs and to ask user confirmation before automatic fixes, which is good. But the instructions direct the agent to execute arbitrary scripts from the project's scripts/ path (if present). Running project-local scripts means the agent could execute arbitrary repository code — functionally relevant but a potentially risky action that the SKILL.md does not advise the user to inspect first.
Install Mechanism
No install spec is provided (instruction-only), which reduces the skill's ability to write files or pull code on install. However, the runtime assumes external tools (ruff, black, eslint, prettier) and non-existent local helper scripts/assets. Because there is no guidance to install these tools from trusted sources or to verify the helper scripts before execution, there is operational ambiguity and a modest risk if the agent runs commands in a repository with untrusted code.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no disproportionate credential demands relative to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent privileges. Autonomous invocation is allowed by default but is expected for this type of skill. There is no indication the skill modifies other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install project-code-standard
  3. After installation, invoke the skill by name or use /project-code-standard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of project-code-standard — a tool for checking, enforcing, and fixing code standards across projects.
- Supports Python (PEP8/black/ruff), JavaScript/TypeScript (ESLint/Prettier), and general project rules (naming, comments, structure).
- Identifies project type, runs appropriate lint/format checks, and summarizes results in a markdown report.
- Offers automated fixes with user confirmation.
- Can generate starter configuration files for new projects.
- Respects existing project lint configurations and avoids modifying files without explicit approval.
Metadata
Slug project-code-standard
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Project Code Standard?

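This skill checks, enforces, and fixes project code standards. It activates when the user needs to establish a code style standard for a project, check whether code conforms to the standard, automatically fix formatting issues, generate a code quality report, or verify during Code Review that a commit meets the team's standards. Supports Python (PEP8/black/ruff), JavaScript/TypeScript (E... It is an AI Agent Skill for Claude Code / OpenClaw, with 406 downloads so far.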

How do I install Project Code Standard?

Run "/install project-code-standard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Project Code Standard free?

Yes, Project Code Standard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Project Code Standard support?

Project Code Standard is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Project Code Standard?

It is built and maintained by forestxieCode (@forestxiecode); the current version is v0.1.0.
