← 返回 Skills 市场
uchibeke

Aport Complete

作者 Uchi Uchibeke · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
246
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install aport-complete
功能描述
Verify a completed task against your APort passport's deliverable contract before marking it done. Enforces acceptance criteria, summary requirements, test s...
使用说明 (SKILL.md)

/aport-complete — Verify Before Done

Your APort passport defines what you must deliver before a task is complete. This skill enforces that contract. Do not mark any task done without running this first.

When to use this skill

  • Before telling a user "I'm done" or "it's complete"
  • Before closing a task, ticket, or GitHub issue
  • Before opening a PR and considering work finished
  • Before handing off to another agent
  • Any time you would otherwise call a task complete

Prerequisites

You must have an APort passport with a deliverable contract.

If you don't have one, create a passport first:

You need APORT_AGENT_ID in your environment. This is returned when you create your passport and saved to aport-passport.json.

Step 1 — Compile your completion context

Before calling the API, gather:

Field Required How to get it
task_id Yes The task/ticket/issue identifier
output_type Yes code, document, analysis, plan, data, or other
summary If passport requires it Write a clear summary of what you did
tests_passing If passport requires it Run your test suite, report result
author_agent_id If reviewer required Your own APORT_AGENT_ID
reviewer_agent_id If reviewer required The agent_id of the reviewing agent
criteria_attestations Always One entry per criterion in your passport
output_content If scan_output enabled Your full output (for pattern scanning)

Step 2 — Build your attestations

Your passport defines acceptance criteria as a list of descriptions. Each criterion maps to a criterion_id — the description slugified to lowercase with spaces replaced by hyphens.

Example:

Criterion description: "A concrete output artifact must be produced"
criterion_id:          "a-concrete-output-artifact-must-be-produced"

For each criterion in your passport, you must submit:

{
  "criterion_id": "a-concrete-output-artifact-must-be-produced",
  "met": true,
  "evidence": "Concrete evidence — a file path, PR URL, CI run id, command output"
}

Evidence must be non-empty. "I believe this is met" is not evidence. Good evidence: PR #47 at github.com/org/repo/pull/47 Good evidence: grep -r "TODO" src/ returned 0 results Good evidence: CI run #1234 passed — https://ci.example.com/runs/1234

Step 3 — Call the verify endpoint

POST https://aport.io/api/verify/policy/deliverable.task.complete.v1
Content-Type: application/json

{
  "context": {
    "agent_id": "YOUR_APORT_AGENT_ID",
    "task_id": "TASK_IDENTIFIER",
    "output_type": "code",
    "author_agent_id": "YOUR_APORT_AGENT_ID",
    "summary": "What you did — must meet minimum word count in your passport",
    "tests_passing": true,
    "criteria_attestations": [
      {
        "criterion_id": "criterion-slug-here",
        "met": true,
        "evidence": "Concrete evidence string"
      }
    ]
  }
}

Note: agent_id goes inside context, alongside the policy-specific fields.

Step 4 — Handle the response

ALLOW response

{
  "decision": {
    "decision_id": "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",
    "allow": true,
    "reasons": [
      { "code": "capability_verified", "message": "...", "severity": "info" }
    ],
    "created_at": "2026-03-13T09:00:00Z",
    "signature": "...",
    "policy_id": "deliverable.task.complete.v1",
    "agent_id": "ap_..."
  },
  "request_id": "..."
}

The task is done. You may mark it complete, close the ticket, open the PR. Reference the decision_id in your completion message for the audit trail.

DENY response

{
  "decision": {
    "decision_id": "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx",
    "allow": false,
    "reasons": [
      { "code": "oap.summary_insufficient", "message": "Summary is required...", "severity": "error" }
    ]
  },
  "request_id": "..."
}

Do not mark the task done. Check decision.reasons[].code for the deny code. Fix the issue and retry.

deny_code What it means What to do
oap.summary_insufficient Summary too short or missing Rewrite summary with more detail
oap.tests_not_passing Tests failing or not submitted Fix tests, resubmit with tests_passing: true
oap.criteria_not_met A criterion has met: false Resolve the criterion, re-attest
oap.evidence_missing An attestation has no evidence Add a concrete evidence string
oap.criteria_incomplete Missing attestation for a criterion Add attestations for all passport criteria
oap.self_review_not_allowed Reviewer and author are the same Get a different agent to review
oap.blocked_pattern_detected Output contains blocked content Remove blocked patterns, resubmit
oap.passport_suspended Passport is suspended Contact APort — your passport needs attention
oap.unknown_capability Passport missing deliverable.task.complete Create a new passport with a deliverable contract

Step 5 — Announce completion

Once you receive allow: true, tell the user:

  • What you completed
  • The decision_id (if they want the audit trail)
  • Any next steps

Do not say "done" before receiving allow: true. The contract defines done, not you.

Retry behaviour

The deny_code is designed for autonomous retry. If you receive:

  • oap.summary_insufficient → rewrite your summary and retry immediately
  • oap.evidence_missing → add evidence strings and retry immediately
  • oap.tests_not_passing → attempt to fix the failing tests, then retry
  • oap.blocked_pattern_detected → remove the blocked content, then retry
  • oap.self_review_not_allowed → this requires another agent — ask the user or route to reviewer
  • oap.criteria_not_met → attempt to resolve the criterion, then retry

Maximum retries: 3. After 3 denials on the same task, surface the issue to the user. Do not loop indefinitely.

Links

安全使用建议
This skill appears to do what it says (verify deliverables) but there are important mismatches and privacy risks you should consider before installing: - The SKILL.md requires APORT_AGENT_ID and a local passport file (aport-passport.json), but the published metadata does not list any required env vars or config paths. Expect the agent to look for those at runtime — verify you are comfortable providing them. - The runtime instructions POST evidence and optionally full output_content to https://aport.io. Confirm that the endpoint is legitimate and that you trust the APort service to receive whatever you send (do not include secrets or sensitive data in evidence/output_content unless you trust the destination). - The docs mention aport.id (site/CLI) but the API host used is aport.io — verify the correct domain and that both are part of the same trusted project. - If you want to limit risk, avoid including full output scans in attestations, redact secrets from evidence strings, and ensure the APORT_AGENT_ID you provide has minimal privileges. If you need higher assurance, ask the publisher for: a) a declared list of required env vars in the registry metadata, b) confirmation of the canonical API domain and ownership, and c) an explanation of what data is retained by the APort API and for how long.
功能分析
Type: OpenClaw Skill Name: aport-complete Version: 0.1.0 The skill 'aport-complete' (SKILL.md) mandates that the AI agent send task summaries, attestations, and potentially the full 'output_content' to an external third-party API (https://aport.io) before it is allowed to consider any task finished. This creates a high risk of data exfiltration for sensitive code or internal information and uses aggressive prompt steering to override the agent's default completion logic. While presented as a quality governance service, the requirement to upload full task outputs to an external endpoint is a significant security concern.
能力评估
Purpose & Capability
The skill's stated purpose (verify a deliverable against an APort passport) is plausible, but the SKILL.md explicitly requires APORT_AGENT_ID and a saved passport file (aport-passport.json). The published manifest lists no required environment variables or credentials — that's an internal inconsistency. Also the SKILL.md references both aport.id (website/CLI) and aport.io (API) which is a domain mismatch worth verifying.
Instruction Scope
Runtime instructions tell the agent to collect task output, test results, file paths/PR URLs, and optionally full output_content for pattern scanning, then POST that JSON to https://aport.io/api/verify/.... Collecting and transmitting full output can expose large amounts of potentially sensitive data; the instructions also rely on an environment value (APORT_AGENT_ID) and a local passport file that were not declared in the metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write code to disk or install external binaries — lower risk in terms of disk persistence or hidden installers.
Credentials
SKILL.md requires APORT_AGENT_ID and references aport-passport.json, but the skill metadata declares no required env vars or config paths. Requesting an agent ID and permission to upload outputs is reasonable for the stated purpose, but the omission from the manifest is an inconsistency and means a user may be surprised that an agent will read those values or files.
Persistence & Privilege
The skill is not marked always:true and has no install or persistent hooks; it does not request modification of other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined here with other high-privilege requests.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install aport-complete
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /aport-complete 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial public release of aport-complete skill. - Enforces deliverable contract from your APort passport before allowing task completion. - Checks acceptance criteria, summary, test results, and reviewer requirements. - Guides users on compiling evidence and submitting attestations for each criterion. - Provides clear allow/deny responses with codes for automated retries or correction. - Designed for integration with any agent or coding assistant over HTTP.
元数据
Slug aport-complete
版本 0.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Aport Complete 是什么?

Verify a completed task against your APort passport's deliverable contract before marking it done. Enforces acceptance criteria, summary requirements, test s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 246 次。

如何安装 Aport Complete?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install aport-complete」即可一键安装,无需额外配置。

Aport Complete 是免费的吗?

是的,Aport Complete 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Aport Complete 支持哪些平台?

Aport Complete 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Aport Complete?

由 Uchi Uchibeke(@uchibeke)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论