功能描述

Generate code that references actual documentation, preventing hallucination bugs. ALWAYS loads docs first, validates against API signatures, and verifies co...

使用说明 (SKILL.md)

Documentation-Accurate Code Generation

Name: Documentation-Accurate Code Generation
Author: tobisamaa

CRITICAL: This skill prevents LLM hallucination by enforcing documentation reference.

When to Use

ALWAYS when generating code
ALWAYS when using APIs
ALWAYS when creating configurations
ALWAYS when implementing features

Core Philosophy

NEVER generate code from memory. ALWAYS reference documentation.

The Problem

LLMs hallucinate APIs that don't exist
Methods get renamed or removed
Parameters change or get deprecated
Return types shift unexpectedly
Configuration formats evolve

The Solution

Load documentation FIRST — Before writing any code
Extract API signatures — Get actual method signatures
Generate from docs — Use real API data
Validate against docs — Check generated code matches
Reference tracking — Document which docs were used

Workflow

1. IDENTIFY → What code/API/tool is needed?
2. LOCATE → Find documentation source
3. LOAD → Fetch and parse documentation
4. EXTRACT → Pull API signatures, parameters, examples
5. GENERATE → Create code using actual docs
6. VALIDATE → Check code matches documentation
7. REFERENCE → Track what docs were used

Documentation Sources

1. OpenClaw Internal Docs

Location: C:\Users\clipp\AppData\Roaming\ pm\ ode_modules\openclaw\docs
Access: read tool
Use: For OpenClaw-specific APIs, tools, skills

2. Tool Documentation

Tool help: --help flags
Man pages: man \x3Ccommand>
Official docs: Use web_fetch to get docs

3. API Documentation

Official docs: Use web_fetch
OpenAPI specs: Parse and reference
Package docs: npm, pip, cargo docs

4. Code Examples

Existing code: Read similar implementations
Tests: Check test files for usage patterns
Examples: Find working code samples

Process for Code Generation

Step 1: Documentation Discovery

# For OpenClaw tools
read("openclaw-docs-path/tool-name.md")

# For external tools
web_fetch("https://docs.tool.com/api")

# For local tools
exec("tool --help")

Step 2: API Signature Extraction

# Extract:
- Method names
- Parameters (names, types, required/optional)
- Return types
- Error handling
- Examples
- Version information

Step 3: Code Generation

# Generate code using actual API data
def generate_from_docs(api_docs):
    # Use real method names
    # Use real parameter names
    # Use real return types
    # Include error handling from docs
    # Add docstrings from docs
    pass

Step 4: Validation

def validate_against_docs(code, api_docs):
    # Check method names match
    # Check parameter names match
    # Check types match
    # Check return types match
    # Verify no hallucinated methods
    pass

Quick Actions

codegen \x3Capi> — Generate code with doc reference
validate \x3Ccode> — Check code against docs
doc-lookup \x3Capi> — Load and display documentation
api-extract \x3Ctool> — Extract API signatures

Usage Examples

"Generate code to use the OpenClaw sessions_spawn tool"
# Process: Load docs → Extract API → Generate → Validate

"Create a Python script using the requests library"
# Process: Fetch requests docs → Extract API → Generate → Validate

"Write configuration for OpenClaw channels"
# Process: Load config docs → Extract format → Generate → Validate

Validation Rules

1. Method Name Validation

Check method exists in docs
Verify spelling matches exactly
Confirm method is not deprecated

2. Parameter Validation

All required parameters present
Parameter names match docs exactly
Parameter types match docs
Optional parameters marked correctly

3. Return Type Validation

Return type matches docs
Error types match docs
Edge cases handled

4. Configuration Validation

Keys match documentation
Value types match schema
Required fields present
Format matches specification

Error Prevention

Common Hallucination Patterns

Non-existent methods — Methods that don't exist
Wrong parameter names — Hallucinated parameter names
Wrong types — Incorrect parameter/return types
Missing error handling — Ignoring documented errors
Wrong configuration format — Incorrect config structure

Prevention Strategies

Always load docs first — Never generate from memory
Extract actual signatures — Don't guess API shape
Validate everything — Check against real docs
Reference tracking — Know which docs were used
Test with real APIs — Verify code actually works

Integration Points

With Other Skills

Coding skill: Use this for doc-accurate code
Self-evolution: Update skills with doc validation
Content generation: Generate accurate code examples
Research: Research APIs from actual docs

With OpenClaw Tools

read: Load internal documentation
web_fetch: Fetch external documentation
exec: Run tools with --help for docs
edit/write: Create validated code

Reference Tracking

Format

# Code Generation Reference

## Generated Code
- File: path/to/file.py
- Generated: 2026-02-23
- Tool: doc-accurate-codegen

## Documentation Sources
1. OpenClaw Tool Docs: /docs/tools/exec.md
2. API Reference: https://docs.example.com/api
3. Examples: /examples/exec-usage.py

## Validation
- ✅ Method names validated
- ✅ Parameters validated
- ✅ Return types validated
- ✅ Error handling validated

## Notes
- Using exec tool with sandbox mode
- All parameters from official docs
- Error handling from API reference

Output Template

When generating code, always include:

# Code generated with documentation reference
# Source: [documentation URL or path]
# Validated: [timestamp]
# API Version: [version if available]

def function_name():
    """
    [Docstring from actual documentation]
    
    Source: [link to docs]
    Parameters: [from docs]
    Returns: [from docs]
    """
    # Implementation using actual API
    pass

Best Practices

Docs First, Always — Never generate without loading docs
Exact Matches — Use exact names, types, formats from docs
Validate Everything — Check all generated code
Track References — Document which docs were used
Test Real APIs — Actually run the code to verify
Update Regularly — Re-check docs as APIs evolve
Error Handling — Include all documented errors
Examples — Reference working examples from docs

Common Pitfalls

Assuming API stability — APIs change, always re-check docs
Memory over docs — Trust docs, not memory
Partial loading — Load complete documentation
No validation — Always validate generated code
Missing references — Always track doc sources

Success Metrics

Hallucination rate: 0% (all code references actual docs)
Validation rate: 100% (all code validated)
Reference tracking: 100% (all code has doc sources)
Error rate: 0% (no API misuse)
Test pass rate: 100% (all generated code works)

Advanced Features

1. Automatic Doc Loading

Detect what APIs are needed
Automatically fetch relevant docs
Cache for future use

2. API Change Detection

Monitor docs for changes
Alert when APIs change
Suggest code updates

3. Multi-Source Validation

Cross-reference multiple doc sources
Detect conflicts between sources
Use most authoritative source

4. Example Extraction

Extract working examples from docs
Adapt examples to specific needs
Test examples before using

Integration with OpenClaw

Tool Documentation

# Get tool help
exec("tool --help")

# Read tool docs
read("openclaw/docs/tools/tool-name.md")

# Check tool examples
read("openclaw/examples/tool-usage.md")

Skill Documentation

# Read skill docs
read("skills/skill-name/SKILL.md")

# Check skill examples
read("skills/skill-name/examples/")

Configuration Documentation

# Read config docs
read("openclaw/docs/configuration.md")

# Check config examples
read("openclaw/examples/config/")

Remember: This skill exists because LLMs hallucinate. ALWAYS use it for code generation. The only way to prevent bugs is to reference actual documentation.

安全使用建议

Do not install yet. Ask the publisher to: (1) explain why BRAVE_API_KEY is required and what the key will be used for; (2) correct the install metadata (axios is a library—there should not be an 'axios' binary unless the author provides a real CLI) or provide a trustworthy install URL; (3) remove or justify the hard-coded local docs path (C:\Users\clipp\...) and declare any config paths the skill needs; (4) state whether the skill will read arbitrary local files or send any documentation off-host. If you must test it, run it in a restricted sandbox with no sensitive env vars, do not provide BRAVE_API_KEY, and monitor network and file access. If the author cannot satisfactorily explain these mismatches, treat the skill as untrusted.

功能分析

Type: OpenClaw Skill Name: doc-accurate-codegen Version: 1.0.0 The skill is classified as suspicious due to its explicit instructions for the AI agent to use powerful system and network interaction tools, even if presented for a benign purpose. Specifically, `SKILL.md` instructs the agent to use `exec` (e.g., `exec("tool --help")`) for documentation discovery, which grants arbitrary command execution capabilities. It also requires and instructs the use of `curl`, `jq`, `git`, `web_fetch`, and installs `axios` via npm, enabling broad network and file system access. While the stated goal is documentation-accurate code generation, these capabilities present a significant attack surface for potential abuse via prompt injection or agent deviation, allowing for RCE or data exfiltration if misused by a malicious actor or an unconstrained agent. The requirement for `BRAVE_API_KEY` also highlights a sensitive data point that could be targeted.

能力评估

⚠ Purpose & Capability

The declared required binaries (curl, jq, git) are plausible for fetching and parsing docs, but the required environment variable BRAVE_API_KEY does not relate to code generation or documentation fetching and is unexplained. The install spec claims to install an npm package 'axios' and create a binary named 'axios' — axios is a JS library (not normally a CLI binary), so the install metadata is inconsistent with the stated purpose.

⚠ Instruction Scope

SKILL.md instructs the agent to read local OpenClaw internal docs at a hard-coded Windows user path (C:\Users\clipp\AppData\Roaming\npm\node_modules\openclaw\docs) and to use tools like 'read', 'web_fetch', and 'exec'. However the skill declares no required config paths, and that exact local path is user-specific and unexpected. The instructions therefore request reading local files and executing local tooling without declaring or justifying that access.

⚠ Install Mechanism

The only install entry is an npm install of 'axios' that claims to create a binary named 'axios'. This is likely incorrect: axios is a library, not a CLI distributed as a binary. Misdeclared install metadata may indicate sloppy packaging or a mistaken/unsafe install step; no other install sources are provided. Overall installation risk is moderate because it's unclear what (if anything) will be written/executed on disk based on this spec.

⚠ Credentials

Asking for BRAVE_API_KEY (a named secret) is disproportionate to the documented functionality: the SKILL.md never explains why a Brave-related API key is necessary for documentation-driven codegen. The skill declares no primary credential but still lists a required env var. Additionally, the runtime instructions reference reading local documentation and examples (which could expose sensitive local content) while not declaring any config paths or giving justification for secret access.

ℹ Persistence & Privilege

The skill is not marked 'always: true' and is user-invocable, which is normal. It can be invoked autonomously (platform default) and the skill instructs use of local-read and network tools; combined with the other concerns this increases potential impact, but there is no explicit request for permanent installation or cross-skill config modification.

版本历史

v1.0.0

- Initial release of doc-accurate-codegen skill: generate code by referencing and validating against real documentation to prevent hallucination bugs. - Enforces a strict "docs-first" workflow for any code generation, API use, or configuration creation. - Always loads documentation, extracts actual API signatures, and validates generated code for accuracy. - Introduces tools for code generation, validation, doc lookup, and API extraction with full reference tracking. - Provides output templates and best practices for reliable, documentation-sourced code.

元数据

Slug doc-accurate-codegen

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题