← 返回 Skills 市场
65
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install nm-imbue-scope-guard
功能描述
Pre-implementation scope control: evaluate feature necessity and enforce branch size limits
安全使用建议
Before installing or enabling this skill, check the following: 1) Ensure you run it in a repository context where creating GitHub issues/discussions is intended. The skill assumes git, gh (GitHub CLI), and python3 are available and that an authenticated gh session (or GH token) exists—yet none are declared. 2) Confirm the referenced helper script (scripts/deferred_capture.py) exists in your repo; if not, the automation will fail or behave unexpectedly. 3) Review the default behavior to publish Discussions (it's the default action); if you don't want automated public posting, change the workflow to require explicit confirmation or disable Discussion creation. 4) Limit the GitHub token scopes used by the agent (least privilege) and consider using a test/fork repo first to observe behavior. 5) If you plan to allow autonomous agent invocation, restrict or require approval for actions that create remote artifacts (issues/discussions). If these issues are acceptable and you run the skill interactively in a controlled repo with appropriate credentials and scripts present, the skill appears coherent with its purpose; if not, treat with caution.
功能分析
Type: OpenClaw Skill
Name: nm-imbue-scope-guard
Version: 1.0.0
The skill bundle implements a scope-management workflow that utilizes shell commands for git metrics and GitHub CLI (gh) for issue and discussion creation (modules/github-integration.md, modules/branch-management.md). It also references an external Python script (scripts/deferred_capture.py) that is not provided in the bundle, making it impossible to verify the full logic of the 'deferred capture' process. While the behavior appears aligned with the stated purpose of preventing overengineering, the reliance on high-privilege shell execution and external artifacts warrants a suspicious classification.
能力评估
Purpose & Capability
The name/description (pre-implementation scope control, branch size limits) align with the SKILL.md: it scores features, checks backlog, enforces branch budgets, and documents deferrals via GitHub. Expectation to read repo files and run git checks is coherent. However, the skill's metadata declares no required binaries or credentials while the instructions clearly assume availability of git, gh (GitHub CLI), and python3 (and repository scripts). That mismatch is a design inconsistency to be aware of.
Instruction Scope
Instructions direct the agent to run git commands, inspect docs/backlog/queue.md, and create GitHub issues and Discussions (using gh CLI and GraphQL). They also call a local helper: python3 scripts/deferred_capture.py. Those actions are within the skill's purpose, but they will read repo contents and post potentially sensitive decision context to the remote GitHub repo by default (Discussion publishing is the default). The SKILL.md does not bundle the referenced script(s) nor declare the need for gh/gh auth: the agent may attempt operations that fail or (if credentials exist) create posts without clear prompts. The instructions are prescriptive about creating persistent external records (issues/discussions), which raises privacy/operational considerations.
Install Mechanism
This is an instruction-only skill with no install spec and no code files included in the bundle—low install risk. No network downloads or archive extraction are performed by the skill package itself.
Credentials
Manifest lists no required environment variables or credentials, yet the runtime instructions assume authenticated GitHub access (gh auth) and write permissions to create issues/discussions, plus local access to git and python. The lack of declared primary credential or required env variables is disproportionate to the operations described. If the agent has access to a GH token or gh CLI authenticated session, the skill can create persistent public artifacts in repos—this capability should be explicitly documented and constrained.
Persistence & Privilege
The skill is not marked always:true, which is appropriate. However, it instructs creating GitHub issues and publishing Discussions by default; because model invocation is allowed (disable-model-invocation: false), an autonomously-invoking agent with GH credentials could post content without explicit user approval. This combination increases blast radius and should be managed (e.g., require manual confirmation before issuing network writes).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nm-imbue-scope-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/nm-imbue-scope-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial public release of the "scope-guard" skill to control scope and prevent overengineering.
- Enforces pre-implementation feature evaluation using a Worthiness formula.
- Introduces strict branch size limits and budget checks (default: 3 major features/branch).
- Provides workflows for scoring, deferral, and backlog management, including required GitHub issue creation on deferral.
- Anti-overengineering rules and integration guidance for brainstorming, planning, and execution phases.
- Includes queue and archive structures for managing deferred features, optimizations, refactors, and abstractions.
元数据
常见问题
Nm Imbue Scope Guard 是什么?
Pre-implementation scope control: evaluate feature necessity and enforce branch size limits. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 65 次。
如何安装 Nm Imbue Scope Guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nm-imbue-scope-guard」即可一键安装,无需额外配置。
Nm Imbue Scope Guard 是免费的吗?
是的,Nm Imbue Scope Guard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Nm Imbue Scope Guard 支持哪些平台?
Nm Imbue Scope Guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nm Imbue Scope Guard?
由 athola(@athola)开发并维护,当前版本 v1.0.0。
推荐 Skills