← 返回 Skills 市场
SchemGuard
作者
sethclawd-prog
· GitHub ↗
· v0.1.2
560
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install schemaguard
功能描述
Detect breaking changes in OpenAPI specs. Use when reviewing API changes, validating PRs that modify API specs, checking backward compatibility, or linting O...
安全使用建议
This skill appears coherent for checking OpenAPI compatibility. Before installing or running it: (1) verify the npm package @sethclawd/schemaguard (owner, popularity, source code, recent release) because npx will fetch code from the registry at runtime; (2) be cautious running the --mcp server mode — check what network ports it binds to and whether it requires authentication; (3) run the tool in a sandbox or CI runner with limited permissions when first testing; and (4) avoid pointing it at sensitive files or credentials until you review the package source or vendor reputation.
功能分析
Type: OpenClaw Skill
Name: schemaguard
Version: 0.1.2
The skill is classified as suspicious due to its reliance on `npx` to download and execute an external package (`@sethclawd/schemaguard`) from the npm registry, as seen in `SKILL.md`. This introduces a significant supply chain risk, as the content of the external package is not directly controlled by the skill bundle and could be compromised or altered over time, potentially leading to the execution of malicious code. While the stated purpose of the commands appears benign (schema diffing, linting), the execution model delegates trust to an external, mutable dependency.
能力评估
Purpose & Capability
Name/description match the instructions: the SKILL.md shows npx commands invoking @sethclawd/schemaguard for diff, lint, and CI checks. Requiring npx is proportional to the stated goal.
Instruction Scope
Instructions are narrowly scoped to running the tool against OpenAPI spec files (old.yaml, new.yaml, openapi.yaml). The doc includes an MCP server mode (--mcp) that exposes command handlers; the file doesn't describe network bindings or auth, so you should confirm what that server exposes before running it in sensitive environments.
Install Mechanism
This is an instruction-only skill with no bundled code. It relies on npx to fetch and run the @sethclawd/schemaguard npm package at runtime. That is coherent with the purpose but carries the usual npm/supply-chain risk because the package code isn't included for inspection here.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements are minimal and appropriate for a CLI tool that operates on local spec files.
Persistence & Privilege
always:false (default) and no install hooks or modifications to other skills are present. Nothing in SKILL.md requests permanent elevated presence or cross-skill config changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install schemaguard - 安装完成后,直接呼叫该 Skill 的名称或使用
/schemaguard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
- Initial release of schemaguard.
- Detects breaking changes in OpenAPI specifications, including removed endpoints, new required parameters, field type changes, and more.
- Provides CLI tools for diffing, linting, and CI compatibility checks of OpenAPI specs.
- Offers both human-readable and JSON output formats.
- Supports direct integration using the MCP server with exposed commands.
元数据
常见问题
SchemGuard 是什么?
Detect breaking changes in OpenAPI specs. Use when reviewing API changes, validating PRs that modify API specs, checking backward compatibility, or linting O... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 560 次。
如何安装 SchemGuard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install schemaguard」即可一键安装,无需额外配置。
SchemGuard 是免费的吗?
是的,SchemGuard 完全免费(开源免费),可自由下载、安装和使用。
SchemGuard 支持哪些平台?
SchemGuard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SchemGuard?
由 sethclawd-prog(@sethclawd-prog)开发并维护,当前版本 v0.1.2。
推荐 Skills