← Back to Skills Marketplace
gfrxf

用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题

by gfrxf · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
91
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install vue2-risk-scan
Description
Skill 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题
Usage Guidance
This skill appears coherent and limited to scanning a Vue2 project. Before running it: (1) review the included scripts yourself (they're small and bundled) to satisfy yourself they only access project files; (2) run them in a sandbox or CI environment if you are cautious — they call npm audit and npm list which may perform network calls; (3) ensure npm/node are installed in the environment where you run it; (4) be aware of some simplistic checks (e.g., core-js version parsing) that can cause false positives. No credentials are requested and there are no hidden remote endpoints in the scripts.
Capability Analysis
Type: OpenClaw Skill Name: vue2-risk-scan Version: 1.0.0 The skill is a legitimate diagnostic tool designed to scan Vue2 projects for security and configuration risks. It uses shell scripts (scripts/checks/) to inspect local files like package.json, vue.config.js, and babel.config.js for vulnerable dependencies (e.g., axios) and insecure settings (e.g., production source maps). No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Capability Assessment
Purpose & Capability
The name/description match the actual behavior: scripts check package.json, vue.config.js, babel.config.js and run npm audit/npm list to surface dependency and config issues. No unrelated credentials, binaries, or network endpoints are requested.
Instruction Scope
SKILL.md instructs running scripts from the project root. The scripts only read project files (package.json, vue.config.js, babel.config.js) and invoke local npm commands (npm list, npm audit). There are no hidden remote endpoints or attempts to read unrelated system files. Some checks use simplistic parsing (e.g., core-js version parsing), which may produce false positives, but this is a correctness/quality issue rather than malicious behavior.
Install Mechanism
No install spec: instruction-only with bundled shell scripts. Nothing is downloaded or written to disk by an installer. Risk surface is limited to executing the included scripts.
Credentials
The skill requires no environment variables, no credentials, and no config paths beyond project files. It does run npm audit (which may access the network for audit data) but that is proportional to dependency scanning.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system-wide config. It runs only when invoked by the user/agent.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vue2-risk-scan
  3. After installation, invoke the skill by name or use /vue2-risk-scan
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of vue2-risk-scan. - Automates scanning for common risks in Vue2 projects. - Detects dependency security issues, Webpack configuration risks, and Babel configuration problems. - Designed for use in daily development, CI checks, and AI automated diagnosis. - Usage: run sh scripts/scan-vue2-risk.sh in your project root.
Metadata
Slug vue2-risk-scan
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题?

Skill 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题. It is an AI Agent Skill for Claude Code / OpenClaw, with 91 downloads so far.

How do I install 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题?

Run "/install vue2-risk-scan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 free?

Yes, 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 support?

用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题?

It is built and maintained by gfrxf (@gfrxf); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments