← Back to Skills Marketplace
Auto Prodcution
by
tethercrypto888-star
· GitHub ↗
· v1.0.0
· MIT-0
74
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install vibe-innovative-idea-first-and-use-this-skill-to-production-automatically
Description
用「评分表驱动迭代」方法把项目做到生产级别。每次输入 /vibe-coding 启动,自动打分、修复、循环直到满足生产就绪阈值。
Usage Guidance
This skill is coherent with its stated purpose but has two practical risks you should consider before installing or running it: (1) It will automatically modify and commit files in your repo without per-change confirmation. Run it only on a fork/branch or a disposable clone, or modify the workflow to produce diffs for human review instead of committing. (2) It expects many external CLI tools (semgrep, trivy, govulncheck, npm/pip-audit, gocyclo, etc.) but does not declare them; ensure these are installed in a controlled environment. Additional precautions: back up your repo, run in a sandbox or CI job with limited permissions, review the VIBE_SCORECARD.md and every proposed commit before merging, and avoid running this on repositories that contain secrets or production credentials. If you want safer operation, require interactive confirmation before commits or change commit commands to create branches/PRs instead of direct commits.
Capability Analysis
Type: OpenClaw Skill
Name: vibe-innovative-idea-first-and-use-this-skill-to-production-automatically
Version: 1.0.0
The skill implements an autonomous 'vibe coding' workflow that iterates on project quality and security. It requires broad permissions to execute shell commands (e.g., semgrep, trivy, npm audit, curl) and perform automated git commits. Most notably, SKILL.md contains explicit instructions for the agent to bypass user confirmation ('do not ask whether to continue'), which is a high-risk behavior that removes human oversight for potentially destructive operations. While the behavior is aligned with the stated purpose, the combination of shell access and the instruction to override safety prompts warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description align with the runtime instructions: reading the repo, evaluating dimensions, making fixes, and committing changes is coherent with an 'auto production' workflow. However, the SKILL.md expects many CLI scanners and git to be present (semgrep, trivy, govulncheck, npm/pip-audit, gocyclo, etc.) but the skill metadata declares no required binaries — the skill will fail or behave unpredictably if those tools are missing.
Instruction Scope
The instructions explicitly tell the agent to modify repository files and run 'git add -A && git commit ...' for every sub-fix and to 'directly execute' without asking for confirmation. That gives the skill authority to make persistent, potentially large changes to user code without explicit consent per change. The skill also instructs scanning for secrets and running security tools on the whole repo (which is expected) but does not constrain what to do with discovered secrets or results — this increases risk of accidental disclosure or destructive automated edits.
Install Mechanism
No install spec and no code files are present (instruction-only), which minimizes supply-chain risk. There is no download or extract step. The main practical issue is that required third-party tools are referenced in SKILL.md but not declared as dependencies.
Credentials
The skill requests no environment variables or credentials, which is proportionate to its stated purpose. Nonetheless, running the recommended scanners will read all repository files (which may contain secrets) and the skill makes no guidance about handling or protecting any sensitive findings it uncovers.
Persistence & Privilege
Although always:false and there is no special platform privilege, the skill directs automatic, repeated commits into the user's repository and instructs the agent not to ask 'whether to proceed' before making changes. That persistent modification behavior is powerful and risky — it can alter source history, introduce regressions, or leak sensitive data in commits if used without safeguards.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vibe-innovative-idea-first-and-use-this-skill-to-production-automatically - After installation, invoke the skill by name or use
/vibe-innovative-idea-first-and-use-this-skill-to-production-automatically - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
1.0.0
Metadata
Frequently Asked Questions
What is Auto Prodcution?
用「评分表驱动迭代」方法把项目做到生产级别。每次输入 /vibe-coding 启动,自动打分、修复、循环直到满足生产就绪阈值。 It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.
How do I install Auto Prodcution?
Run "/install vibe-innovative-idea-first-and-use-this-skill-to-production-automatically" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Auto Prodcution free?
Yes, Auto Prodcution is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Auto Prodcution support?
Auto Prodcution is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Auto Prodcution?
It is built and maintained by tethercrypto888-star (@tethercrypto888-star); the current version is v1.0.0.
More Skills