sunshine-del-ux

Package.json Generator

by Sunshine-del-ux · GitHub ↗ · v1.0.0
cross-platform · ⚠ suspicious
Downloads: 391
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install package-json-generator
Description
Generates a professional package.json with best-practice scripts, dependencies and configuration.
Usage Guidance
This skill's marketing and README promise more than the delivered code. Before installing or running it:
  1. Don't run it in a real project root: it overwrites package.json without prompting. Run it in a disposable directory first.
  2. SKILL.md shows --name/--type flags, but the script only accepts a positional name and version. Ask the author for a corrected CLI or an updated script.
  3. If you need true "best-practice" generation (dev/prod deps, validations), use a well-known tool (npm init, create-node-app, Yeoman generators) or review and extend the script yourself.
  4. If you still want to use this skill, ask the maintainer to add safety checks (refuse to overwrite, back up the existing package.json), implement the advertised options, and document the exact behavior.
Capability Analysis
Type: OpenClaw Skill
Name: package-json-generator
Version: 1.0.0
The `package-json-generator.sh` script interpolates user-supplied arguments (`$1` and `$2`) directly into the generated `package.json` file without sanitization or escaping. This creates a JSON injection vulnerability: crafted input (e.g., containing double quotes or other JSON metacharacters) can change the structure or content of the `package.json` file. Because this is an exploitable flaw and there is no evidence of intentional harmful behavior such as data exfiltration or backdoor installation, the skill is classified as suspicious rather than malicious.
Capability Assessment
Purpose & Capability
The name/description promise 'best-practice validation', dependency separation, semantic versioning, and a flag-style CLI, but the included package-json-generator.sh only writes a minimal package.json from two positional arguments (name and version). The declared capabilities are disproportionate to the provided code.
Instruction Scope
SKILL.md shows usage with options (--name, --type, --framework) and claims validations and dependency management, but the runtime artifact only generates a basic package.json and accepts positional args. The script unconditionally writes to package.json (`cat > package.json`), overwriting any existing file without confirmation, a destructive behavior not documented in SKILL.md. There is no network access or exfiltration; however, the mismatch between instructions and implementation is significant.
Install Mechanism
No install spec (instruction-only) and only a simple shell script are included. No external downloads or package installs are performed by the skill bundle itself, which is low risk.
Credentials
The skill requests no environment variables, credentials, or config paths, and the script does not access sensitive env vars. This is proportionate to a package.json generator.
Persistence & Privilege
`always` is false, and the skill does not request persistent or elevated privileges or modify other skills' configuration. Its only filesystem effect is writing a package.json in the current directory.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install package-json-generator
  3. After installation, invoke the skill by name or use /package-json-generator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
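- Initial release of package-json-generator.
- Generates a professional package.json file with standardized scripts and best practices.
- Supports separating development/production dependencies and semantic versioning.
- Provides command-line usage examples.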
Metadata
Slug package-json-generator
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Package.json Generator?

Generates a professional package.json with best-practice scripts, dependencies and configuration. It is an AI Agent Skill for Claude Code / OpenClaw, with 391 downloads so far.

How do I install Package.json Generator?

Run "/install package-json-generator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Package.json Generator free?

Yes, Package.json Generator is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Package.json Generator support?

Package.json Generator is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Package.json Generator?

It is built and maintained by Sunshine-del-ux (@sunshine-del-ux); the current version is v1.0.0.
