tvs-analyze
by inksnowhailong · v1.0.0 · MIT-0
214 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install tvs-analyze
Description
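When the user asks for code analysis, provides information on the project's structure, dependencies, main business logic, existing problems and so on, to help developers quickly understand the project. Or, when the user asks what some code does, finds the related business-logic code, then analyzes and summarizes its purpose and implementation details.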
Usage Guidance
This skill appears to do what it claims. Before running: (1) inspect scripts/generate-madge.mjs (already included) — it only runs 'command -v', npx madge, and checks Graphviz; (2) be aware that using npx may download and execute packages from npm at runtime — if you prefer, preinstall madge and graphviz to avoid network fetches; (3) avoid running the tool on directories containing sensitive secrets you don't want written into generated artifacts; (4) resolve the minor path inconsistency in SKILL.md (where to run the script) before use. If you need higher assurance, run the script in a sandboxed environment or review/replace 'npx' invocation with an explicitly installed madge binary.
Capability Analysis
Type: OpenClaw Skill
Name: tvs-analyze
Version: 1.0.0
The skill bundle provides project analysis capabilities but includes a Node.js script (`scripts/generate-madge.mjs`) that is vulnerable to command injection. The script uses `execSync` to execute shell commands (running `npx madge`) using unsanitized input from command-line arguments, which could be exploited to achieve Remote Code Execution (RCE) if the AI agent passes malicious user-provided paths to the script. While the functionality aligns with the stated purpose of code analysis, the lack of input sanitization in a shell-executing script represents a significant security risk.
Capability Assessment
Purpose & Capability
Name/description (project/code analysis, dependency graph, explain code) align with the provided assets: a SKILL.md describing analysis behavior and a small script to generate madge dependency graphs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md focuses on analyzing project code, producing ASCII diagrams, file/dir overviews and (optionally) generating madge graphs. It does not instruct reading system secrets or unrelated files. Minor inconsistency: the docs show a path 'node .claude/skills/analyze/scripts/generate-madge.mjs' while the repository contains scripts/generate-madge.mjs — likely an install/path expectation but not a security issue.
Install Mechanism
No install spec (instruction-only) — lowest disk risk. The included script uses execSync to call 'npx madge' and 'dot' (Graphviz). npx may fetch packages from the npm registry at runtime (network activity and execution of remote code), which is expected for this workflow but worth noting as a moderate operational risk.
Credentials
The skill requires no environment variables or credentials and writes output into a local '.claude/analyze' directory. Requests are proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request permanent system-level presence or modify other skills. It creates a local output directory within the agent workspace — reasonable for its function.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install tvs-analyze
- After installation, invoke the skill by name or use /tvs-analyze
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
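- First release, providing code and project analysis capabilities.
- Supports multi-dimensional analysis of project structure, dependencies, main business logic, existing problems and more.
- For code snippets, breaks down the business flow, inputs and outputs, and detailed logic step by step.
- Replies are strictly structured as a one-sentence summary, the main content (split into modules), and closing suggestions or follow-up questions.
- Enforces Chinese plain-text ASCII diagrams, prioritizing visual presentation of core structure and flow.
- Answers are written in an intuitive, clear tone, suitable for beginners or non-specialists.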
Frequently Asked Questions
What is tvs-analyze?
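When the user asks for code analysis, it provides information on the project's structure, dependencies, main business logic, existing problems and so on, to help developers quickly understand the project. Or, when the user asks what some code does, it finds the related business-logic code, then analyzes and summarizes its purpose and implementation details. It is an AI Agent Skill for Claude Code / OpenClaw, with 214 downloads so far.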
How do I install tvs-analyze?
Run "/install tvs-analyze" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is tvs-analyze free?
Yes, tvs-analyze is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does tvs-analyze support?
tvs-analyze is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created tvs-analyze?
It is built and maintained by inksnowhailong (@inksnowhailong); the current version is v1.0.0.