Project Code Standard
Author: forestxieCode · v0.1.0
Total downloads: 406
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install project-code-standard
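Description
This skill checks, enforces, and fixes project code standards. It activates when the user needs to establish a code style standard for a project, check whether code conforms to the standard, automatically fix formatting issues, generate a code quality report, or verify during Code Review that a commit meets team standards. Supports Python (PEP8/black/ruff), JavaScript/TypeScript (E...
Security Usage Recommendations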
This SKILL.md describes reasonable code-quality actions, but it does not include the helper scripts or assets it references. Before installing or invoking the skill, verify where scripts/check_python.py, scripts/check_js.py, scripts/check_general.py and the assets/ templates are expected to come from. If the agent will execute scripts inside your repository, inspect those scripts manually first (or run the skill in a sandboxed copy of the repo). Ensure linters (ruff, black, eslint, prettier) are installed from trusted sources. Be especially cautious about allowing automatic fixes: confirm the skill asks for explicit user permission before modifying files, and consider disabling autonomous execution of fix steps until you have reviewed the tooling and scripts.
Functional Analysis
Type: OpenClaw Skill
Name: project-code-standard
Version: 0.1.0
The skill's stated purpose is benign (code quality checks and formatting). However, the `SKILL.md` instructions for the AI agent involve executing shell commands with user-controlled input, specifically `<target_path>` in commands like `python scripts/check_python.py <target_path> --output markdown`. If the OpenClaw agent does not properly sanitize or quote this input before execution, it creates a significant shell injection vulnerability, potentially leading to arbitrary command execution. While there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoors), this critical vulnerability warrants a 'suspicious' classification.
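The quoting risk described above, shown as an added example (not code from the skill or from OpenClaw): the same `<target_path>` value is first spliced into a shell string, then passed as a single argv element after being confined to the repository. The helper names `naive_command`, `shell_tokens` and `safe_argv` are hypothetical, and the sample input is constructed.

```python
import shlex
import sys
import tempfile
from pathlib import Path

# Script path quoted from SKILL.md; the skill package does not ship it.
SCRIPT = "scripts/check_python.py"


def naive_command(target_path: str) -> str:
    """Risky form: the path is spliced into a string meant for a shell."""
    return f"python {SCRIPT} {target_path} --output markdown"


def shell_tokens(command: str) -> list[str]:
    """Tokenize roughly as a POSIX shell would, keeping operators like ';'."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def safe_argv(target_path: str, repo_root: Path) -> list[str]:
    """Hypothetical helper: argv for subprocess.run(argv, cwd=repo_root)."""
    root = repo_root.resolve()
    resolved = (root / target_path).resolve()
    # Confine the target to the repository being checked.
    if not resolved.is_relative_to(root):
        raise ValueError(f"target outside repository: {target_path!r}")
    # An absolute path is one argv element and cannot be parsed as an option.
    return [sys.executable, SCRIPT, str(resolved), "--output", "markdown"]


if __name__ == "__main__":
    sample = "src; echo INJECTED"  # constructed input, not from the page
    print(shell_tokens(naive_command(sample)))
    with tempfile.TemporaryDirectory() as tmp:
        print(safe_argv(sample, Path(tmp)))
```

In the string form the tokenizer reports `;` as a separate operator, so a shell would start a second command; in the list form the whole value stays inside one argument and no shell is involved.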
Capability Assessment
Purpose & Capability
The skill description (linting/formatting for Python and JS/TS) matches the runtime commands (ruff, eslint, black, prettier) and the described flows. However, SKILL.md repeatedly references helper scripts (e.g., python scripts/check_python.py, scripts/check_js.py, scripts/check_general.py) and an assets/ directory for templates that are NOT provided by the skill package. It's unclear whether those scripts are expected to already exist in the user's project, provided by a separate install step, or omitted — this is an inconsistency between claimed capability and what's actually packaged.
Instruction Scope
Instructions stay within the domain of code-quality checks (inspect repo root, run linters, optionally fix files, produce a markdown report). They explicitly say to avoid overwriting existing configs and to ask user confirmation before automatic fixes, which is good. But the instructions direct the agent to execute arbitrary scripts from the project's scripts/ path (if present). Running project-local scripts means the agent could execute arbitrary repository code — functionally relevant but a potentially risky action that the SKILL.md does not advise the user to inspect first.
Install Mechanism
No install spec is provided (instruction-only), which reduces the skill's ability to write files or pull code on install. However, the runtime assumes external tools (ruff, black, eslint, prettier) and non-existent local helper scripts/assets. Because there is no guidance to install these tools from trusted sources or to verify the helper scripts before execution, there is operational ambiguity and a modest risk if the agent runs commands in a repository with untrusted code.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no disproportionate credential demands relative to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent privileges. Autonomous invocation is allowed by default but is expected for this type of skill. There is no indication the skill modifies other skills or system-wide settings.
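How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install project-code-standard
- After installation, call the Skill by name or use /project-code-standard to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output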
Version History
v0.1.0
Initial release of project-code-standard — a tool for checking, enforcing, and fixing code standards across projects.
- Supports Python (PEP8/black/ruff), JavaScript/TypeScript (ESLint/Prettier), and general project rules (naming, comments, structure).
- Identifies project type, runs appropriate lint/format checks, and summarizes results in a markdown report.
- Offers automated fixes with user confirmation.
- Can generate starter configuration files for new projects.
- Respects existing project lint configurations and avoids modifying files without explicit approval.
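FAQ
What is Project Code Standard?
This skill checks, enforces, and fixes project code standards. It activates when the user needs to establish a code style standard for a project, check whether code conforms to the standard, automatically fix formatting issues, generate a code quality report, or verify during Code Review that a commit meets team standards. Supports Python (PEP8/black/ruff), JavaScript/TypeScript (E... It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 406 times in total so far.
How do I install Project Code Standard?
Run the command "/install project-code-standard" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.
Is Project Code Standard free?
Yes, Project Code Standard is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Project Code Standard support?
Project Code Standard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Project Code Standard?
It is developed and maintained by forestxieCode (@forestxiecode); the current version is v0.1.0.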