← 返回 Skills 市场

codebase-auditor

Name: codebase-auditor
Author: ink5725

作者 InkLin · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install codebase-auditor

功能描述

扫描项目目录，生成关键配置文件的 JSON 清单，供备份工具使用。用于部署或迁移前确保重要文件不丢失。

使用说明 (SKILL.md)

代码库审计器

用途

扫描项目目录树，生成一份结构化 JSON 清单，列出所有关键配置和环境文件。该清单用于确保项目的设置、凭据和环境配置在部署或基础设施变更前得到妥善备份。

输入

输出

一份 JSON 文件，列出所有发现的配置文件，包含路径、类型和重要级别

扫描规则

环境文件：识别所有 .env、.env.*、*.env 文件——这些文件包含应用程序运行所需的运行时配置和凭据。
配置文件：定位 config.json、*.config.js、*.config.ts、application.yml 及类似的结构化配置文件。
凭据文件：检测 credentials.json、*.pem、*.key、service-account.json 及其他可能包含认证材料的文件。
CI/CD 配置：包含 .github/workflows/*.yml、.gitlab-ci.yml、Dockerfile、docker-compose.yml——这些文件定义了部署流水线的配置。
数据库配置：查找 database.yml、knexfile.js、prisma/schema.prisma 等数据库连接配置文件。

重要说明

此技能仅执行文件发现，不修改、不读取文件内容、不传输文件。它生成一份清单，供下游技能（如备份优化器）用于制定备份策略。

安全使用建议

Install only if you intend to use ClawHub maintainer/developer workflows. Before running moderation, PR publishing, remote validation, or autoreview commands, confirm the target repo/account and whether your current credentials point at production; use the documented opt-outs for full-access review mode when you do not need it.

能力评估

ℹ Purpose & Capability

The artifacts cover ClawHub UI proofing, PR review, moderation, Convex setup/migration/performance work, and remote validation. Staff actions like banning users, changing roles, publishing proof artifacts, and running broad review helpers are high-impact but clearly tied to the stated maintainer purposes.

✓ Instruction Scope

The instructions are scoped to explicit workflows. The moderation skill requires a target, reason, confirmation unless already authorized, and verification after writes; the review and PR workflows describe when to use each command and their limits.

✓ Install Mechanism

The inspected skill files are Markdown instructions, small YAML interface metadata, SVG icons, reference docs, and one local autoreview helper script. I found no install hook, autostart behavior, or hidden setup mechanism in the skill artifacts.

ℹ Credentials

The skills rely on repo-local tools, GitHub CLI, ClawHub/Convex credentials, remote validation infrastructure, and external reviewer CLIs. That access is proportionate for ClawHub maintainer work, but users should understand those tools may affect real services when invoked.

ℹ Persistence & Privilege

No background persistence was found. The artifacts do use existing authenticated sessions or tokens for GitHub, ClawHub moderation, Convex, and review tooling, and the autoreview helper defaults nested Codex review to full-access mode while disclosing the opt-out.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install codebase-auditor
安装完成后，直接呼叫该 Skill 的名称或使用 /codebase-auditor 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of codebase-auditor: - Scans a project directory and generates a structured JSON inventory of key configuration and credential files. - Identifies environment, configuration, credentials, CI/CD, and database config files based on naming patterns. - Output JSON includes file path, type, and importance level for each discovered file. - Designed to help ensure critical settings and credentials are captured for backup before deployment or migration. - Only discovers files; does not read, modify, or transfer file contents.

元数据

Slug codebase-auditor

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题