← Back to Skills Marketplace
190
Downloads
1
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install project-analyzer
Description
SDD 软件设计文档生成器 - 基于 Harness Engineering 模式构建受控环境。 核心理念:通过架构约束、上下文工程、反馈循环、熵管理,让 AI 在约束下高效可靠地生成文档。 使用场景:(1) 新项目接入时生成 SDD 文档 (2) 生成开发规范 (3) 分析数据库结构 (4) 对接 Apifox...
Usage Guidance
This skill appears to be what it says (an automated SDD/project analyzer) but it deliberately reads the full contents of a project, including config files and deployment manifests that often contain secrets (DB passwords, API keys, kube secrets). Before installing or running:
- Inspect the omitted files (especially agents/openai.yaml, scripts/main.py, and any other truncated modules) for network calls (search for 'requests', 'http', 'urllib', 'socket', 'openai', 'apifox', 'upload', 'POST') and any code that sends scanned data externally.
- Confirm whether Apifox/OpenAI integrations exist and, if so, what credentials they need and where those credentials are stored; the skill does not declare required env vars but may still attempt external sync.
- Do not run the tool directly on repositories that contain production secrets. Instead, run it on a sanitized copy or in an isolated VM/container.
- If you need to grant it access to a project with sensitive data, remove or redact secrets (or mount a curated subset of files) and monitor network activity during the first run.
Because several files were truncated in the provided bundle, I rate the assessment as medium-confidence — reviewing the omitted source (especially anything that references external endpoints or credentials) could move this to benign or reveal higher risk.
Capability Analysis
Type: OpenClaw Skill
Name: project-analyzer
Version: 1.0.6
The project-analyzer skill is a legitimate tool designed to automate the generation of software design documentation (SDD) by scanning local project files. It utilizes a suite of Python scripts (scripts/main.py, scripts/project_scanner.py, scripts/database_scanner.py, etc.) and specific AI agent instructions (SKILL.md) to identify technology stacks, database schemas, and API endpoints. While the skill requires broad read access to source code and configuration files (e.g., pom.xml, application.yml, and SQL scripts) to perform its analysis, its behavior is strictly aligned with its stated purpose. There is no evidence of data exfiltration, credential theft, unauthorized remote execution, or malicious prompt injection.
Capability Assessment
Purpose & Capability
Name/description (SDD generator) match the provided code: scanners, doc generator, constraint/feedback/entropy components and templates. Requiring python3 is appropriate and requested dependencies are proportional to the stated purpose.
Instruction Scope
SKILL.md and scripts explicitly instruct scanning and "must read" the full contents of many files (README, application.yml, Dockerfile, k8s/*.yaml, all Java controllers/entities, SQL files, migrations, etc.). This is coherent for code analysis, but it means the skill will read configuration and secret-bearing files (DB credentials, API keys, kube manifests). The instructions are prescriptive ("禁止跳过任何文件"), giving the agent broad read access to project data.
Install Mechanism
No install spec or remote downloads are used; code is bundled with the skill and runs under python3. This minimizes supply-chain install risk (nothing fetched from arbitrary URLs during install).
Credentials
The skill declares no required environment variables or credentials (good), but it will read project config files that commonly contain secrets. The README and manifest mention Apifox/OpenAI integration; omitted files (agents/openai.yaml and other truncated files) could reference external APIs or require credentials — this is not declared in requires.env and should be inspected.
Persistence & Privilege
always:false and no declared config paths or system modifications. The skill does not request persistent platform-wide privileges in the manifest. Autonomous invocation is allowed by default (platform behavior) but not combined here with explicit always:true or extra credential access.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install project-analyzer - After installation, invoke the skill by name or use
/project-analyzer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
**Summary: Major internal refactor introducing implementation scripts and removing obsolete reference docs.**
- Added core implementation scripts for scanning, analyzing, and generating documents (e.g., api_scanner.py, doc_generator.py, feedback_loop.py).
- Introduced structured configuration and template files to support modular document generation.
- Provided project infrastructure files such as README.md, manifest.yaml, package.json, and requirements.txt.
- Removed legacy reference documentation and sample templates, consolidating guidance into new scripts and config templates.
- No changes to user-facing principles or documentation standards.
v1.0.5
## project-analyzer v5.0.0 (major update)
- 强化了“先扫描/读取,后生成”原则,严格要求所有文档类型都必须逐文件读取真实内容,禁止凭空假设或省略扫描步骤。
- 全面细化了 SDD 文档体系的各子类型,详细列明每类文档的必读文件、典型扫描命令、自检清单和规范性对照要求。
- 增加数据库类型与技术栈的自动推断依据,提升文档生成的准确性和系统性。
- 明确文档生成流程和每个环节的校验措施,新增“自检”与“内容对照”强制步骤,确保输出与真实源文件一致。
- 调整项目说明及标准流程表述,更侧重流程驱动和合规输出,避免遗漏和主观假设。
v1.0.4
**Major update: Introduces Harness Engineering concepts for higher control, reliability, and quality in AI-generated SDD documents.**
- Adopts Harness Engineering methodology, including constraints, context engineering, feedback loop, and entropy management to improve document generation quality.
- Adds architectural "constraints" for standardized output (format, structure, content, quality) and an automated constraint checker.
- Implements a "context builder" to inject rich project and technology context for more accurate, customized documentation.
- Introduces a "feedback loop" system with structural/content validators for iterative quality checks and automatic content fixing.
- Updates description and documentation to reflect the new design philosophy and major capability enhancements.
v1.0.3
2.0.0 brings a major upgrade with full SDD(Software Design Document)support:
- 全面升级为 SDD 软件设计文档自动生成:新增 SRS、SAD、SDD、DBD、APID、TSD 文档体系。
- 输出结构全新调整,支持标准 SDD 文档及开发规范分层。
- 提供详细的 SDD 文档模板,便于定制和补充需求。
- 配置项和使用方式同步更新,支持 SDD 相关选项配置。
- 优化开发规范文档检查及自动补全。
- 持续支持 Apifox 对接、DevOps 集成与多技术栈自动分析。
v1.0.2
- Added standards-detection.md to references, documenting project standards detection.
- Enhanced documentation on规范检查 (standards checking) and automatic standards file creation.
- New config options for controlling auto-creation and behavior of standards documentation.
- Now scans for existing standards docs and auto-creates missing ones as needed (with confirmation options).
- Improved process description for standards compliance in project analysis.
v1.0.0
project-analyzer 1.0.0
- 首次发布:自动分析多种技术栈项目并生成完整文档体系
- 支持 Java/Spring Boot、Node.js、Python、Go、React/Vue 前端项目
- 提供架构、数据库、开发规范、快速启动、测试规范等多类型文档生成
- 集成 Apifox:自动导出 OpenAPI 文档、同步接口、生成测试用例及报告
- 丰富自定义选项与模板,支持项目定制与 CI/CD 文档自动化
Metadata
Frequently Asked Questions
What is project-analyzer?
SDD 软件设计文档生成器 - 基于 Harness Engineering 模式构建受控环境。 核心理念:通过架构约束、上下文工程、反馈循环、熵管理,让 AI 在约束下高效可靠地生成文档。 使用场景:(1) 新项目接入时生成 SDD 文档 (2) 生成开发规范 (3) 分析数据库结构 (4) 对接 Apifox... It is an AI Agent Skill for Claude Code / OpenClaw, with 190 downloads so far.
How do I install project-analyzer?
Run "/install project-analyzer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is project-analyzer free?
Yes, project-analyzer is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does project-analyzer support?
project-analyzer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created project-analyzer?
It is built and maintained by whisky (@whiskeyforsun); the current version is v1.0.6.
More Skills