← 返回 Skills 市场
127
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install agiza
功能描述
25 advanced engineering agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw. Agent design, RAG, MCP servers, CI/CD, database design...
使用说明 (SKILL.md)
Engineering Advanced Skills (POWERFUL Tier)
25 advanced engineering skills for complex architecture, automation, and platform operations.
Quick Start
Claude Code
/read engineering/agent-designer/SKILL.md
Codex CLI
npx agent-skills-cli add alirezarezvani/claude-skills/engineering
Skills Overview
| Skill | Folder | Focus |
|---|---|---|
| Agent Designer | agent-designer/ |
Multi-agent architecture patterns |
| Agent Workflow Designer | agent-workflow-designer/ |
Workflow orchestration |
| API Design Reviewer | api-design-reviewer/ |
REST/GraphQL linting, breaking changes |
| API Test Suite Builder | api-test-suite-builder/ |
API test generation |
| Changelog Generator | changelog-generator/ |
Automated changelogs |
| CI/CD Pipeline Builder | ci-cd-pipeline-builder/ |
Pipeline generation |
| Codebase Onboarding | codebase-onboarding/ |
New dev onboarding guides |
| Database Designer | database-designer/ |
Schema design, migrations |
| Database Schema Designer | database-schema-designer/ |
ERD, normalization |
| Dependency Auditor | dependency-auditor/ |
Dependency security scanning |
| Env Secrets Manager | env-secrets-manager/ |
Secrets rotation, vault |
| Git Worktree Manager | git-worktree-manager/ |
Parallel branch workflows |
| Interview System Designer | interview-system-designer/ |
Hiring pipeline design |
| MCP Server Builder | mcp-server-builder/ |
MCP tool creation |
| Migration Architect | migration-architect/ |
System migration planning |
| Monorepo Navigator | monorepo-navigator/ |
Monorepo tooling |
| Observability Designer | observability-designer/ |
SLOs, alerts, dashboards |
| Performance Profiler | performance-profiler/ |
CPU, memory, load profiling |
| PR Review Expert | pr-review-expert/ |
Pull request analysis |
| RAG Architect | rag-architect/ |
RAG system design |
| Release Manager | release-manager/ |
Release orchestration |
| Runbook Generator | runbook-generator/ |
Operational runbooks |
| Skill Security Auditor | skill-security-auditor/ |
Skill vulnerability scanning |
| Skill Tester | skill-tester/ |
Skill quality evaluation |
| Tech Debt Tracker | tech-debt-tracker/ |
Technical debt management |
Rules
- Load only the specific skill SKILL.md you need
- These are advanced skills — combine with engineering-team/ core skills as needed
安全使用建议
What to consider before installing:
- Source trust: the registry shows 'source: unknown' and no homepage; prefer skills with a verifiable repository or author. The bundle’s plugin.json mentions a GitHub repo, but confirm that URL and the repository contents yourself.
- Prompt-injection: the top-level SKILL.md contains phrases that look like prompt-injection (e.g., 'ignore-previous-instructions', 'you-are-now'). These can make an agent change behavior unexpectedly. Open and read the SKILL.md and remove or neutralize any such directives before granting automated invocation.
- Remote fetches: the Quick Start suggests running an npx command which will fetch and execute remote installer code. Only run that if you trust the external package and have inspected it (or run in an isolated sandbox/container).
- Local script execution: many bundled Python scripts read and analyze local repositories (Terraform, CI config, etc.). Review the specific scripts you intend to run; run them in a sandbox or with non-privileged user accounts first. Don't run them as root or with credentials mounted into the execution environment.
- Sample secrets: demo files include example hardcoded keys/passwords for testing — treat them as test data and ensure they are not accidentally committed or used in production.
- If you want lower risk: (1) manually extract only the sub-skill SKILL.md and code you need and inspect it, (2) run analyses on a copy of your codebase in an isolated environment, and (3) disable autonomous invocation for this skill until you have fully reviewed it.
If you want, I can: (a) list the specific SKILL.md files that contain the suspicious prompt-injection phrases, (b) pull out and summarize the Python scripts that execute system I/O or network calls, or (c) produce a short checklist you can use to safely test this skill in a sandbox.
功能分析
Package: (mcp)
Version:
Description:
The provided source code for the 'mcp' package is a comprehensive suite of engineering utilities and 'skills' designed for AI agents and developers. The package includes modules for multi-agent collaboration (agenthub), autonomous optimization experiments (autoresearch-agent), database schema analysis and migration, API linting, CI/CD pipeline generation, and security auditing of other agent skills. While the package makes extensive use of Python's subprocess module with shell=True, this is a functional requirement for its purpose as a developer tool intended to execute user-configured build, test, and benchmark commands. The code demonstrates legitimate developer workflows, such as managing git worktrees, syncing local environment files for development, and generating operational runbooks. There is no evidence of malicious intent, credential exfiltration, or unauthorized remote payload execution. Notably, the package includes its own security auditor script designed to detect the very types of malicious patterns (e.g., command injection, credential harvesting) that security analysts look for, further indicating its legitimate nature as a productivity and safety tool.
能力评估
Purpose & Capability
The name/description (25 advanced engineering skills) aligns with the provided content: 25 subfolders, SKILL.md per sub-skill, and many Python utilities for static analysis, RAG, CI/CD, Terraform, etc. No required env vars or binaries are declared, which is consistent with an instruction-only skill that expects the agent environment to already have typical tooling. Minor concern: the registry metadata lists source as unknown and homepage none, while some embedded plugin.json files point to an external GitHub — lack of a clear authoritative source reduces trust.
Instruction Scope
The top-level SKILL.md and many sub-SKILLs instruct the agent to read project directories and run included Python scripts (e.g., python3 scripts/tf_security_scanner.py ./terraform). Those scripts perform filesystem reads and parse code (expected for these utilities). However, the SKILL.md contains detected prompt-injection patterns (e.g., 'ignore-previous-instructions', 'you-are-now') and also suggests running external installer commands (npx agent-skills-cli add ...), which causes the agent or user to fetch and execute remote code. Together these raise the risk that the skill could try to manipulate agent prompts or cause the agent to fetch/execute untrusted code. The filesystem and code-reading scope is legitimate for static-analysis tasks, but the prompt-injection phrases and remote install hints are red flags.
Install Mechanism
There is no formal install spec in the registry (instruction-only). That is lower risk in the sense nothing is automatically downloaded by the registry, but the SKILL.md encourages running an npx CLI to add a remote package (npx agent-skills-cli add alirezarezvani/claude-skills/engineering). Running that command will fetch code from npm/GitHub and execute an installer — this is an external network fetch not controlled by the registry. Many Python scripts are bundled and may be executed locally; executing them requires trusting their contents. Because the repository source is not verifiably provided in the skill metadata, these external fetches and local script executions are a meaningful install-time risk.
Credentials
The skill declares no required environment variables, secrets, or config paths. The bundled scripts are designed to scan files (including for hardcoded secrets) but do not themselves request credentials in metadata. This is proportionate to a code-auditing/engineering skills bundle. Note: some demo/sample files in the code include example hardcoded keys/passwords for testing — these are samples and not actual credential requests, but they should be treated carefully if executed or uploaded.
Persistence & Privilege
always is false and disable-model-invocation is not set to block autonomous invocation (the platform default). The skill does not request permission to alter other skills or system-wide agent settings. That is proportional. The only additional concern is that the skill suggests running an external npx add command which could alter the agent environment if the user runs it — this is an action the user controls, not an automatic persistence request from the registry.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install agiza - 安装完成后,直接呼叫该 Skill 的名称或使用
/agiza触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of "Engineering Advanced Skills" — a suite of 25 advanced engineering agent skills and plugins.
- Supports multiple agent platforms: Claude Code, Codex CLI, OpenClaw, and more.
- Covers topics including agent architecture, RAG, MCP servers, CI/CD, database design, observability, security auditing, and release management.
- Provides quick start instructions and a detailed overview table for all available skills.
- Designed for complex engineering automation, platform ops, and advanced architectural needs.
元数据
常见问题
agiza_agents 是什么?
25 advanced engineering agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw. Agent design, RAG, MCP servers, CI/CD, database design... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 127 次。
如何安装 agiza_agents?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install agiza」即可一键安装,无需额外配置。
agiza_agents 是免费的吗?
是的,agiza_agents 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
agiza_agents 支持哪些平台?
agiza_agents 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 agiza_agents?
由 bizzy604(@bizzy604)开发并维护,当前版本 v1.0.0。
推荐 Skills