← 返回 Skills 市场
190
总下载
1
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install project-analyzer
功能描述
SDD 软件设计文档生成器 - 基于 Harness Engineering 模式构建受控环境。 核心理念:通过架构约束、上下文工程、反馈循环、熵管理,让 AI 在约束下高效可靠地生成文档。 使用场景:(1) 新项目接入时生成 SDD 文档 (2) 生成开发规范 (3) 分析数据库结构 (4) 对接 Apifox...
安全使用建议
This skill appears to be what it says (an automated SDD/project analyzer) but it deliberately reads the full contents of a project, including config files and deployment manifests that often contain secrets (DB passwords, API keys, kube secrets). Before installing or running:
- Inspect the omitted files (especially agents/openai.yaml, scripts/main.py, and any other truncated modules) for network calls (search for 'requests', 'http', 'urllib', 'socket', 'openai', 'apifox', 'upload', 'POST') and any code that sends scanned data externally.
- Confirm whether Apifox/OpenAI integrations exist and, if so, what credentials they need and where those credentials are stored; the skill does not declare required env vars but may still attempt external sync.
- Do not run the tool directly on repositories that contain production secrets. Instead, run it on a sanitized copy or in an isolated VM/container.
- If you need to grant it access to a project with sensitive data, remove or redact secrets (or mount a curated subset of files) and monitor network activity during the first run.
Because several files were truncated in the provided bundle, I rate the assessment as medium-confidence — reviewing the omitted source (especially anything that references external endpoints or credentials) could move this to benign or reveal higher risk.
功能分析
Type: OpenClaw Skill
Name: project-analyzer
Version: 1.0.6
The project-analyzer skill is a legitimate tool designed to automate the generation of software design documentation (SDD) by scanning local project files. It utilizes a suite of Python scripts (scripts/main.py, scripts/project_scanner.py, scripts/database_scanner.py, etc.) and specific AI agent instructions (SKILL.md) to identify technology stacks, database schemas, and API endpoints. While the skill requires broad read access to source code and configuration files (e.g., pom.xml, application.yml, and SQL scripts) to perform its analysis, its behavior is strictly aligned with its stated purpose. There is no evidence of data exfiltration, credential theft, unauthorized remote execution, or malicious prompt injection.
能力评估
Purpose & Capability
Name/description (SDD generator) match the provided code: scanners, doc generator, constraint/feedback/entropy components and templates. Requiring python3 is appropriate and requested dependencies are proportional to the stated purpose.
Instruction Scope
SKILL.md and scripts explicitly instruct scanning and "must read" the full contents of many files (README, application.yml, Dockerfile, k8s/*.yaml, all Java controllers/entities, SQL files, migrations, etc.). This is coherent for code analysis, but it means the skill will read configuration and secret-bearing files (DB credentials, API keys, kube manifests). The instructions are prescriptive ("禁止跳过任何文件"), giving the agent broad read access to project data.
Install Mechanism
No install spec or remote downloads are used; code is bundled with the skill and runs under python3. This minimizes supply-chain install risk (nothing fetched from arbitrary URLs during install).
Credentials
The skill declares no required environment variables or credentials (good), but it will read project config files that commonly contain secrets. The README and manifest mention Apifox/OpenAI integration; omitted files (agents/openai.yaml and other truncated files) could reference external APIs or require credentials — this is not declared in requires.env and should be inspected.
Persistence & Privilege
always:false and no declared config paths or system modifications. The skill does not request persistent platform-wide privileges in the manifest. Autonomous invocation is allowed by default (platform behavior) but not combined here with explicit always:true or extra credential access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install project-analyzer - 安装完成后,直接呼叫该 Skill 的名称或使用
/project-analyzer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
**Summary: Major internal refactor introducing implementation scripts and removing obsolete reference docs.**
- Added core implementation scripts for scanning, analyzing, and generating documents (e.g., api_scanner.py, doc_generator.py, feedback_loop.py).
- Introduced structured configuration and template files to support modular document generation.
- Provided project infrastructure files such as README.md, manifest.yaml, package.json, and requirements.txt.
- Removed legacy reference documentation and sample templates, consolidating guidance into new scripts and config templates.
- No changes to user-facing principles or documentation standards.
v1.0.5
## project-analyzer v5.0.0 (major update)
- 强化了“先扫描/读取,后生成”原则,严格要求所有文档类型都必须逐文件读取真实内容,禁止凭空假设或省略扫描步骤。
- 全面细化了 SDD 文档体系的各子类型,详细列明每类文档的必读文件、典型扫描命令、自检清单和规范性对照要求。
- 增加数据库类型与技术栈的自动推断依据,提升文档生成的准确性和系统性。
- 明确文档生成流程和每个环节的校验措施,新增“自检”与“内容对照”强制步骤,确保输出与真实源文件一致。
- 调整项目说明及标准流程表述,更侧重流程驱动和合规输出,避免遗漏和主观假设。
v1.0.4
**Major update: Introduces Harness Engineering concepts for higher control, reliability, and quality in AI-generated SDD documents.**
- Adopts Harness Engineering methodology, including constraints, context engineering, feedback loop, and entropy management to improve document generation quality.
- Adds architectural "constraints" for standardized output (format, structure, content, quality) and an automated constraint checker.
- Implements a "context builder" to inject rich project and technology context for more accurate, customized documentation.
- Introduces a "feedback loop" system with structural/content validators for iterative quality checks and automatic content fixing.
- Updates description and documentation to reflect the new design philosophy and major capability enhancements.
v1.0.3
2.0.0 brings a major upgrade with full SDD(Software Design Document)support:
- 全面升级为 SDD 软件设计文档自动生成:新增 SRS、SAD、SDD、DBD、APID、TSD 文档体系。
- 输出结构全新调整,支持标准 SDD 文档及开发规范分层。
- 提供详细的 SDD 文档模板,便于定制和补充需求。
- 配置项和使用方式同步更新,支持 SDD 相关选项配置。
- 优化开发规范文档检查及自动补全。
- 持续支持 Apifox 对接、DevOps 集成与多技术栈自动分析。
v1.0.2
- Added standards-detection.md to references, documenting project standards detection.
- Enhanced documentation on规范检查 (standards checking) and automatic standards file creation.
- New config options for controlling auto-creation and behavior of standards documentation.
- Now scans for existing standards docs and auto-creates missing ones as needed (with confirmation options).
- Improved process description for standards compliance in project analysis.
v1.0.0
project-analyzer 1.0.0
- 首次发布:自动分析多种技术栈项目并生成完整文档体系
- 支持 Java/Spring Boot、Node.js、Python、Go、React/Vue 前端项目
- 提供架构、数据库、开发规范、快速启动、测试规范等多类型文档生成
- 集成 Apifox:自动导出 OpenAPI 文档、同步接口、生成测试用例及报告
- 丰富自定义选项与模板,支持项目定制与 CI/CD 文档自动化
元数据
常见问题
project-analyzer 是什么?
SDD 软件设计文档生成器 - 基于 Harness Engineering 模式构建受控环境。 核心理念:通过架构约束、上下文工程、反馈循环、熵管理,让 AI 在约束下高效可靠地生成文档。 使用场景:(1) 新项目接入时生成 SDD 文档 (2) 生成开发规范 (3) 分析数据库结构 (4) 对接 Apifox... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 190 次。
如何安装 project-analyzer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install project-analyzer」即可一键安装,无需额外配置。
project-analyzer 是免费的吗?
是的,project-analyzer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
project-analyzer 支持哪些平台?
project-analyzer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 project-analyzer?
由 whisky(@whiskeyforsun)开发并维护,当前版本 v1.0.6。
推荐 Skills