← 返回 Skills 市场
charlie-morrison

Composer JSON Validator

作者 charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
82
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install composer-json-validator
功能描述
Validate and lint PHP Composer composer.json files for structure, dependencies, autoload, and best practices. Use when asked to lint, validate, check, or aud...
使用说明 (SKILL.md)

Composer JSON Validator

Validate and lint PHP Composer composer.json files for structure, dependencies, autoload configuration, and best practices.

Commands

lint — Run all lint checks

python3 scripts/composer_json_validator.py lint composer.json
python3 scripts/composer_json_validator.py lint composer.json --strict
python3 scripts/composer_json_validator.py lint composer.json --format json
python3 scripts/composer_json_validator.py lint composer.json --format markdown

dependencies — Inspect require/require-dev

python3 scripts/composer_json_validator.py dependencies composer.json
python3 scripts/composer_json_validator.py dependencies composer.json --format json

scripts — Inspect scripts section

python3 scripts/composer_json_validator.py scripts composer.json
python3 scripts/composer_json_validator.py scripts composer.json --format markdown

validate — Full validation (structure + lint + summary)

python3 scripts/composer_json_validator.py validate composer.json
python3 scripts/composer_json_validator.py validate composer.json --strict --format json

Flags

Flag Description
--strict Exit code 1 on warnings (CI-friendly)
--format text Human-readable output (default)
--format json Machine-readable JSON
--format markdown Markdown report

Lint Rules (22 checks)

Structure (5)

  1. Valid JSON syntax
  2. Required fields: name, description, type
  3. Valid package name format (vendor/package)
  4. Valid type value (library, project, metapackage, composer-plugin)
  5. license field present and valid SPDX identifier

Dependencies (6)

  1. No duplicate packages across require and require-dev
  2. Version constraints use valid operators (^, ~, >=, etc.)
  3. No dev-only packages in require (phpunit, mockery, etc.)
  4. No wildcard * versions
  5. PHP version constraint present in require
  6. ext-* dependencies are explicit (not *)

Autoload (4)

  1. PSR-4 autoload defined
  2. Namespace ends with \\ (PSR-4 convention)
  3. No duplicate namespaces across autoload entries
  4. autoload-dev separate from autoload

Best Practices (7)

  1. scripts section present
  2. No post-install-cmd/post-update-cmd executing arbitrary URLs
  3. config.sort-packages enabled
  4. minimum-stability explicit when not stable
  5. prefer-stable set when minimum-stability is not stable
  6. No hardcoded absolute paths in autoload
  7. All repository URLs use HTTPS

Exit Codes

Code Meaning
0 No errors (warnings allowed unless --strict)
1 Errors found (or warnings in --strict mode)
2 Invalid arguments / file not found

Example Output

composer.json lint results
==========================
[ERROR]   name: Package name must match vendor/package format
[WARN]    dependencies: phpunit/phpunit found in require (should be in require-dev)
[WARN]    autoload: config.sort-packages not enabled
[INFO]    scripts: scripts section present

Summary: 1 error(s), 2 warning(s), 1 info
安全使用建议
This skill appears internally consistent: its description, SKILL.md, and the included Python script (so far) match a composer.json linter. Before installing or running it, open and review the entire scripts/composer_json_validator.py file yourself (or have someone you trust do so) to confirm it does not: (1) call out to the network (requests/curl/wget/subprocess), (2) execute arbitrary shell commands, (3) read unrelated files or environment variables, or (4) write files outside a safe working directory. If you cannot review the full script, run it in an isolated sandbox/container with only the composer.json you want to lint. Also note the skill listing mentions a $49 price in STATUS.md — verify licensing and payment expectations before publishing or paying.
功能分析
Type: OpenClaw Skill Name: composer-json-validator Version: 1.0.0 The skill is a legitimate utility for validating and linting PHP Composer 'composer.json' files. The Python script (scripts/composer_json_validator.py) performs static analysis on the JSON structure, dependencies, and autoload configurations without executing external commands or making network requests. It includes security-focused checks, such as Rule 17 which detects potential 'curl' or 'wget' execution within the analyzed file's scripts section, demonstrating a defensive design rather than malicious intent.
能力标签
crypto
能力评估
Purpose & Capability
Name, description, SKILL.md usage examples, and the included script all align: the skill is a composer.json linter and the runtime instructions call the bundled Python script against a composer.json file. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md only instructs running the bundled script (python3 scripts/composer_json_validator.py) with the target composer.json and flags for format/strictness. It does not ask the agent to read arbitrary system files, environment variables, or post data to external endpoints in the instructions.
Install Mechanism
There is no install spec (instruction-only invocation of a bundled script). Nothing will be downloaded or written to disk beyond the existing packaged files. This is low-risk relative to remote-install behaviors.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. The bundled script appears to read only the composer.json file passed on the command line. However, the Python source was truncated in the provided bundle listing, so it is not possible to confirm it does not access environment variables, other files, or network resources.
Persistence & Privilege
The skill does not request always: true and has no install-time actions declared that would persist or modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) — note this is normal but means the skill could be run without direct user prompting if the agent chooses to.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install composer-json-validator
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /composer-json-validator 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug composer-json-validator
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Composer JSON Validator 是什么?

Validate and lint PHP Composer composer.json files for structure, dependencies, autoload, and best practices. Use when asked to lint, validate, check, or aud... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。

如何安装 Composer JSON Validator?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install composer-json-validator」即可一键安装,无需额外配置。

Composer JSON Validator 是免费的吗?

是的,Composer JSON Validator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Composer JSON Validator 支持哪些平台?

Composer JSON Validator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Composer JSON Validator?

由 charlie-morrison(@charlie-morrison)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论