← 返回 Skills 市场
hickhe

Code Archaeology

作者 roboe · GitHub ↗ · v2.5.0 · MIT-0
cross-platform ⚠ suspicious
147
总下载
1
收藏
1
当前安装
8
版本数
在 OpenClaw 中安装
/install code-archaeology
功能描述
Analyze legacy codebases to extract business rules, technical specifications, and migration requirements. Use when analyzing PHP, Java, Python, or other lega...
使用说明 (SKILL.md)

Code Archaeology Skill

Overview

Code Archaeology is a systematic analysis methodology for understanding legacy codebases and extracting actionable insights for modernization. This skill provides tools and workflows for:

  • Business Rule Extraction: Identify and document business logic from legacy code
  • Technical Specification Generation: Extract data models, API contracts, and system architecture
  • Security Risk Assessment: Identify security vulnerabilities and technical debt
  • Migration Planning: Generate detailed migration requirements and task breakdowns
  • AI Plan Generator Integration: Convert analysis results into AI-executable context documents

Unified Directory Structure

Code Archaeology results are organized in a standardized directory structure:

{project}_code_archaeology/
├── results/                    # Primary analysis outputs (for AI integration)
│   ├── {project}_api_analysis.md
│   ├── {project}_security_audit_results.md
│   ├── {project}_performance_analysis.md
│   ├── {project}_technical_debt_assessment.md
│   ├── {project}_optimization_recommendations.md
│   └── {project}_code_archaeology_final_report.md
├── process/                   # Detailed analysis artifacts (30+ files)
│   ├── 01-system-constants-analysis.md
│   ├── 02-database-schema-analysis.md
│   ├── 03-business-domain-file-list.md
│   ├── {domain}-analysis.md (per business domain)
│   └── round2_progress.json
├── source/                    # Original source code reference
│   └── {project}/
└── {project}_archaeology_status.json  # Analysis status tracking

Core Capabilities

1. Multi-Round Analysis

  • Round 1: Business domain mapping and core architecture analysis
  • Round 2: Deep technical assessment (security, performance, optimization)

2. Domain-Specific Analysis

  • Financial Management: Payment processing, invoicing, reconciliation
  • Customer Management: User authentication, profile management
  • Contract Management: Contract lifecycle, status transitions
  • Supply Chain: Inventory, procurement, logistics

3. Security Risk Identification

  • Critical: Hardcoded credentials, SQL injection vulnerabilities
  • High: Weak password storage, session management issues
  • Medium: XSS/CSRF protection gaps, insecure file permissions

4. Technical Debt Assessment

  • Architecture: Monolithic limitations, lack of layered architecture
  • Code Quality: Code duplication, outdated language features
  • Maintainability: Missing documentation, poor test coverage
  • Performance: Database query optimization, caching mechanisms

AI Plan Generator Integration

Code Archaeology results can be directly consumed by AI Plan Generator to create:

  • Campaign Documents: Strategic migration plans with clear boundaries
  • Context Documents: AI-executable business rules and technical specifications
  • Task Decomposition: Detailed implementation tasks with priorities and dependencies
  • Validation Standards: Comprehensive testing requirements and acceptance criteria

Integration Workflow

# 1. Run Code Archaeology analysis
code-archaeology analyze legacy-project --output-dir legacy_project_code_archaeology

# 2. Generate AI Plan Generator context from archaeology results  
ai-plan-generator generate-context-from-archaeology \
  /path/to/legacy_project_code_archaeology \
  context-documents \
  finance

# 3. Validate context document completeness
ai-plan-generator analyze-completeness context-documents

# 4. Create ClawTeam migration team
clawteam create --name "finance-migration" --description-file campaign.md

Usage Guidelines

When to Use

  • Legacy System Modernization: Planning migration from PHP 5.x, legacy Java, etc.
  • Business Logic Documentation: Extracting undocumented business rules
  • Security Remediation: Identifying and prioritizing security vulnerabilities
  • Technical Debt Reduction: Planning systematic codebase improvements

Input Requirements

  • Source Code Access: Full access to legacy codebase
  • Business Context: Understanding of business domains and requirements
  • Target Architecture: Clear vision of target modern architecture

Output Artifacts

  • Comprehensive Reports: Executive summaries and detailed technical analysis
  • Actionable Recommendations: Prioritized improvement and migration tasks
  • Risk Assessments: Security and business continuity risk evaluations
  • Integration Ready: Structured data for AI Plan Generator consumption

Best Practices

Analysis Process

  1. Start Broad: Begin with high-level business domain mapping
  2. Go Deep: Focus on critical domains (financial, security-sensitive)
  3. Validate Findings: Cross-reference analysis results with business stakeholders
  4. Iterate: Refine analysis based on feedback and new discoveries

Documentation Standards

  • Machine Readable: Structure outputs for AI consumption
  • Human Understandable: Provide clear explanations for business stakeholders
  • Action Oriented: Focus on actionable insights and recommendations
  • Version Controlled: Track analysis evolution over time

Integration Patterns

  • ClawTeam Orchestration: Use analysis results to drive multi-agent coordination
  • Continuous Validation: Regularly validate AI interpretations against original code
  • Feedback Loops: Use implementation results to refine future analyses

Example Use Cases

Financial Module Migration

Input: Legacy PHP financial system with hardcoded credentials Analysis: Identifies payment processing logic, security vulnerabilities, data models Output: Complete migration plan with security remediation and validation standards

User Authentication Modernization

Input: Custom authentication system with weak password storage Analysis: Extracts user management workflows, identifies security gaps Output: Modern authentication implementation plan with proper security controls

API Standardization

Input: Inconsistent RPC-style APIs across multiple modules Analysis: Documents all API endpoints, request/response formats, error handling Output: RESTful API redesign specification with backward compatibility strategy

Code Archaeology transforms legacy code understanding from an art into a systematic, repeatable science that powers AI-driven modernization.

Integration Scripts

This skill includes integration scripts for converting Code Archaeology results to AI Plan Generator format:

  • convert-to-ai-plan-generator.cjs: Main conversion utility
  • code-archaeology-integrator.cjs: Core parsing and extraction logic
  • process-file-manager.cjs: File location and organization management

Usage

node convert-to-ai-plan-generator.cjs /path/to/archaeology-results output-dir domain
安全使用建议
This skill appears to do what it says (analyze legacy code + produce migration/context docs), but it contains sloppy defaults and bugs. Before running: (1) Inspect the included scripts locally and fix the missing method or other errors; (2) do not run them directly against a production codebase — run in an isolated environment or on a copy; (3) override the default baseDir (/Users/admin/...) to a safe workspace to avoid accidental file writes; (4) be aware that outputs may include sensitive data from your source — treat outputs like secrets and store them appropriately; (5) ensure required external tools (ai-plan-generator, clawteam) and Node.js are deliberate and trusted. If you lack the ability to inspect or sandbox the code, treat this package with caution.
功能分析
Type: OpenClaw Skill Name: code-archaeology Version: 2.5.0 The code-archaeology skill bundle is a legitimate toolset designed for analyzing legacy codebases and generating migration plans. The included JavaScript files (code-archaeology-integrator.cjs, convert-to-ai-plan-generator.cjs, and process-file-manager.cjs) perform standard file system operations and string parsing to transform analysis results into structured formats. There is no evidence of data exfiltration, malicious execution, or prompt injection; the security risks mentioned in the documentation and code (e.g., hardcoded credentials like '123qwe') are clearly presented as examples of findings the tool is intended to identify within legacy target systems.
能力评估
Purpose & Capability
The name, README, SKILL.md and included scripts (integrator, converter, process-file-manager) are coherent with a legacy-code analysis -> generate migration/context-documents workflow. However the integrator expects specific file names prefixed with 'zbs_php_' and the default business domain is hardcoded to 'finance', which narrows applicability without justification. _meta.json version (2.4.0) differs from registry version (2.5.0) — a minor metadata inconsistency.
Instruction Scope
Runtime instructions ask the agent to read full source trees and produce many local artifacts (expected for this tool). The scripts create and write files on disk and the ProcessFileManager has a hardcoded default baseDir of '/Users/admin/.openclaw/workspace' (creates folders and files there) which is surprising and platform-specific. The SKILL.md also references external CLI tools (ai-plan-generator, clawteam) that are not included; the convert script calls integrator.generateValidationStandards(), but that method is not defined in the integrator — this is a runtime bug that could cause errors during execution. No instructions request secrets, but outputs may contain sensitive business code and credentials if present in the analyzed source (so exercising principle of least privilege is important).
Install Mechanism
There is no install spec (instruction-only skill), so nothing will be automatically downloaded or installed by the platform. The included Node.js scripts are present but will only run if the user or agent executes them. This is lower-risk than remote downloads, but local execution still writes files.
Credentials
The skill declares no required environment variables or credentials (good). However it assumes a Node.js runtime (README notes Node.js v14+) and local filesystem access to the legacy codebase — which is expected for its purpose. The integrator generates integration configs (database, redis, enterprise_wechat) that may imply further credentials are needed downstream, but none are declared here.
Persistence & Privilege
The skill does not set always:true and does not request platform-wide privileges. Nevertheless, its ProcessFileManager defaults to writing into a hardcoded user path (/Users/admin/.openclaw/workspace) and will create project directories and files there if executed — this persistent file activity is surprising and could pollute or overwrite user workspace if run without checking the path. The skill does not modify other skills' configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install code-archaeology
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /code-archaeology 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.5.0
Added AI Plan Generator integration with unified directory structure support and conversion scripts
v2.4.0
Added support for mainstream languages: Java, Node.js, Python, Vue.js in addition to existing PHP support
v2.3.0
Enhanced documentation highlighting powerful business intelligence capabilities: business rules extraction, PRD generation, and workflow analysis
v2.2.0
Updated to full English documentation with separate Chinese example file (EXAMPLE_CN.md)
v2.1.0
Added bilingual Chinese-English documentation for better accessibility
v2.0.0
Renamed from Code Archaeology V2 to Code Archaeology with improved documentation and structure
v1.0.1
Improved skill package with cleaner structure and better documentation
v1.0.0
Initial release of Code Archaeology—an advanced system for deep legacy codebase analysis. - Introduces a comprehensive two-phase workflow: discovery & mapping, then deep technical assessment. - Automates business domain mapping, architecture analysis, security auditing, and technical debt assessment. - Generates executive summaries, detailed reports, and prioritized optimization recommendations. - Modular sub-skill architecture for scan/indexing, domain analysis, vulnerability tracking, and reporting. - Designed for PHP and adaptable to other languages; requires bash, git, and PHP.
元数据
Slug code-archaeology
版本 2.5.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 8
常见问题

Code Archaeology 是什么?

Analyze legacy codebases to extract business rules, technical specifications, and migration requirements. Use when analyzing PHP, Java, Python, or other lega... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 147 次。

如何安装 Code Archaeology?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install code-archaeology」即可一键安装,无需额外配置。

Code Archaeology 是免费的吗?

是的,Code Archaeology 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Code Archaeology 支持哪些平台?

Code Archaeology 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Code Archaeology?

由 roboe(@hickhe)开发并维护,当前版本 v2.5.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论