561 total downloads · 0 favorites · 1 current install · 1 version
Install in OpenClaw:
/install sovereign-project-guardian
Description
Project health and best practices enforcer. Checks security, quality, documentation, CI/CD, and dependencies. Produces a letter grade (A-F) with actionable f...
Safe usage recommendations
This skill is coherent and does what it claims: it inspects a repository and reports problems. Before running it, consider:
(1) Run it against a copy or a non-sensitive checkout if your repo contains secrets you do not want processed; the skill scans every file, so any secret that is committed (or still present in .git history) can end up in its report.
(2) Expect it to recommend or run local audit tools (npm audit, pip-audit, govulncheck, cargo audit); these must already be installed and may need network access to fetch advisory data.
(3) Only give the agent access to repos you trust, and monitor outbound network activity from the agent if you are concerned about sensitive data leaving your environment.
If you prefer, run the checks locally (using the examples in EXAMPLES.md) rather than granting the agent direct repository access.
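For the first point above, the following is an added example (written for this page, not code from the skill or from its EXAMPLES.md) of the kind of local secret scan the recommendation refers to. Its report carries file, line, rule name and a SHA-256 fingerprint rather than the matched value, so the report itself does not leak what it found. The detection patterns and the sample repository the block builds are constructed for illustration, not a maintained rule set.

```python
"""Added example (not the skill's own code): a local secret scan whose report
identifies each finding by location, rule and SHA-256 fingerprint instead of
reproducing the secret, so the report itself is safe to share or store."""
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed rules covering a few common token shapes. A production scan
# would use a maintained rule set; these are enough to show the reporting.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # keyword = "value": group 1 is the value, which is what gets fingerprinted
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}
SKIP_DIRS = {".git", "node_modules", "target", "dist"}


def fingerprint(secret):
    """First 12 hex digits of SHA-256: stable across runs, so two reports can be
    diffed, but the secret cannot be read back from the report."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def scan_text(text, rel_path):
    """Apply every rule to every line; record where, which rule, and a fingerprint."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                findings.append({"path": rel_path, "line": lineno,
                                 "kind": kind, "fingerprint": fingerprint(value)})
    return findings


def scan_repo(root):
    """Walk a checkout, skipping SKIP_DIRS, and return findings in path order.
    Files are decoded leniently so a binary blob does not abort the scan."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if any(part in SKIP_DIRS for part in rel.parts) or not path.is_file():
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        findings.extend(scan_text(text, str(rel)))
    return findings


def scan_constructed_repo():
    """Constructed fixture: a .env with an AWS key id and a quoted password, a
    committed OpenSSH key, and a token under .git/ that the walk must skip."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".env").write_text(
            "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
            'DB_PASSWORD = "hunter2hunter2"\n')
        (root / "deploy").mkdir()
        (root / "deploy" / "id_rsa").write_text(
            "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n-----END OPENSSH PRIVATE KEY-----\n")
        (root / ".git").mkdir()
        (root / ".git" / "config").write_text('token = "ghp_' + "a" * 36 + '"\n')
        return scan_repo(root)


if __name__ == "__main__":
    for f in scan_constructed_repo():
        print(f"{f['path']}:{f['line']} {f['kind']} sha256:{f['fingerprint']}")
```

The fingerprint is the part that matters for point (1): a finding can be tracked, deduplicated and diffed between runs without the report ever containing the credential, which is the property an agent-generated report would need before it is stored in a transcript or sent anywhere.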
Functional analysis
Type: OpenClaw Skill
Name: sovereign-project-guardian
Version: 1.0.0
The skill is designed to audit project health, including security problems such as hardcoded secrets and insecure dependencies. Its intent is benign, but `SKILL.md` instructs the agent to 'recommend running `npm audit`, `pip-audit`, `govulncheck`, `cargo audit`', and an agent may interpret that as an instruction to execute those commands itself. The risk is in how they would be executed: if the agent assembles a shell command string that includes content taken from the repository (a subdirectory path, a package or module name discovered during scanning) without quoting or sandboxing, a crafted repository could turn the audit step into arbitrary command execution. There is no indication of malicious intent, data exfiltration, or persistence, but this execution path is enough to classify the skill as suspicious rather than benign.
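As an added illustration of the execution concern described above (example code written for this page, not the skill's own), the following shows the shell-string pattern beside the argv form, using a constructed subdirectory name that turns the former into two commands. The manifest-to-tool mapping, the directory names that are skipped, and the use of `true` as a stand-in for the audit tool are assumptions of the example; the audit invocations themselves are the tools' standard command lines.

```python
"""Added example (not the skill's own code): plan dependency audits from the
manifests in a checkout and run the tools named on the page without a shell,
so content from the repository can never be parsed as shell syntax."""
import os
import subprocess
import tempfile
from pathlib import Path

# Manifest -> argv for the audit tool the page names. Standard invocations;
# the tool still has to be installed and may need network access.
AUDIT_TOOLS = {
    "package-lock.json": ["npm", "audit", "--json"],
    "requirements.txt": ["pip-audit", "-r", "requirements.txt"],
    "go.mod": ["govulncheck", "./..."],
    "Cargo.lock": ["cargo", "audit"],
}
SKIP_DIRS = {".git", "node_modules", "target", "vendor"}  # assumed skip list


def plan_audits(repo_root):
    """Return (directory, argv) pairs, one per manifest found in the checkout."""
    plan = []
    for dirpath, dirnames, filenames in os.walk(repo_root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for manifest, argv in AUDIT_TOOLS.items():
            if manifest in filenames:
                plan.append((Path(dirpath), list(argv)))
    return plan


def unsafe_command(directory, argv):
    """The pattern the analysis warns about: a repository path interpolated into
    one shell string. A directory named 'pkg; touch INJECTED' becomes two commands."""
    return f"cd {directory} && {' '.join(argv)}"


def unsafe_run(directory, argv, cwd):
    """Executes the interpolated string through /bin/sh (shell=True)."""
    return subprocess.run(unsafe_command(directory, argv), shell=True,
                          cwd=str(cwd), capture_output=True)


def run_audit(directory, argv, timeout=300):
    """Hardened form: argv list, shell=False, working directory set by the OS,
    so the directory name goes to chdir(2) and never to a shell parser.
    A missing tool is reported as such rather than read as 'no findings';
    a non-zero exit is what these tools return when they find vulnerabilities."""
    try:
        proc = subprocess.run(list(argv), shell=False, cwd=str(directory),
                              capture_output=True, text=True, timeout=timeout)
    except FileNotFoundError:
        return {"tool": argv[0], "status": "tool-not-installed"}
    except subprocess.TimeoutExpired:
        return {"tool": argv[0], "status": "timeout"}
    return {"tool": argv[0],
            "status": "clean" if proc.returncode == 0 else "findings",
            "output": proc.stdout}


def demonstrate_injection():
    """Constructed demo: a subdirectory whose name carries shell metacharacters.
    'true' stands in for the audit tool so the demo runs with nothing installed.
    Returns (marker_created_by_unsafe_form, marker_created_by_safe_form)."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        pkg = root / "pkg; touch INJECTED"
        pkg.mkdir()
        unsafe_run(pkg, ["true"], cwd=root)   # sh sees: cd .../pkg; touch INJECTED && true
        results.append((root / "INJECTED").exists())
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        pkg = root / "pkg; touch INJECTED"
        pkg.mkdir()
        run_audit(pkg, ["true"])              # argv ['true'] runs inside pkg, nothing parsed
        results.append((root / "INJECTED").exists())
    return tuple(results)


def plan_for_constructed_repo():
    """Constructed fixture: Node lockfile at the root, a Go module in svc/, and a
    go.mod under node_modules/ that must be skipped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "package-lock.json").write_text("{}")
        (root / "node_modules").mkdir()
        (root / "node_modules" / "go.mod").write_text("module vendored")
        (root / "svc").mkdir()
        (root / "svc" / "go.mod").write_text("module svc")
        return sorted(argv[0] for _, argv in plan_audits(root))


if __name__ == "__main__":
    print("injection demo (unsafe, safe):", demonstrate_injection())
    print("planned tools:", plan_for_constructed_repo())
    for directory, argv in plan_audits("."):
        print(directory, run_audit(directory, argv)["status"])
```

The two runs differ only in whether the path is handed to a shell as text or to the kernel as a working directory; the argv form needs no quoting logic at all, which is why it is the form to insist on when an agent executes the audit step.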
Capability assessment
Purpose & Capability
Name/description match the instructions: the SKILL.md describes repository discovery and a set of checks (security, quality, docs, CI/CD) and all required checks act on repository files and metadata. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Instructions direct the agent to scan the entire repository (files, manifests, .git history, .gitignore) and to run or recommend dependency-audit tools (npm audit, pip-audit, govulncheck, cargo audit). This is appropriate for a project auditor, but it means the skill will process all file contents (including any secrets committed). It does not instruct the agent to read unrelated system files or transmit results to unknown external endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files to write to disk. Lowest-risk installation footprint; no downloads, no brew/npm installs specified by the skill itself.
Credentials
The skill requires no environment variables or credentials. Any commands it recommends (e.g., npm audit) may require network access or installed tooling, but that is proportional to its auditing purpose.
Persistence & Privilege
always:false and no special config changes requested. The skill does not request permanent presence or modify other skills' configuration. Autonomous invocation is enabled by platform default but is not combined with other risky privileges.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install sovereign-project-guardian
- After installation, call the skill by name or trigger it with /sovereign-project-guardian
- Provide the required inputs described in the skill's parameter documentation to receive structured output
Version history
v1.0.0
Sovereign Project Guardian v1.0.0 – Initial release
- Introduces automated enforcement of project best practices for security, quality, documentation, CI/CD, and dependencies.
- Audits repositories for secrets, dependency security, testing, linting, type safety, and documentation standards.
- Assigns a letter grade (A–F) based on systematic checks with prioritized, actionable fixes.
- Security issues take highest priority and automatically limit the possible grade.
- Designed to help developers maintain high project health and address critical issues early.
FAQ
What is Sovereign Project Guardian?
Project health and best practices enforcer. Checks security, quality, documentation, CI/CD, and dependencies. Produces a letter grade (A-F) with actionable f... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 561 downloads to date.
How do I install Sovereign Project Guardian?
Run the command "/install sovereign-project-guardian" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Sovereign Project Guardian free?
Yes, Sovereign Project Guardian is completely free (open source) and can be freely downloaded, installed, and used.
Which platforms does Sovereign Project Guardian support?
Sovereign Project Guardian is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Sovereign Project Guardian?
Developed and maintained by ryudi84 (@ryudi84); current version v1.0.0.