← 返回 Skills 市场
xhuaustc

Spec Coder

作者 Pan Xiaohua · GitHub ↗ · v0.1.4 · MIT-0
cross-platform ⚠ suspicious
280
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install spec-coder
功能描述
Structured spec-first development workflow with multi-role expert review gates: clarify requirements, author spec documents (requirements/design/tasks), gene...
安全使用建议
This skill appears to implement a reasonable spec-first workflow, but there are a few things to check before installing or using it: - Repository/file access: the skill instructs the agent to read the project codebase and specs. If your repo contains secrets (.env files, API keys, private config), consider removing or redacting them before running the skill, or restrict the agent's workspace to only the docs/specs subtree. - Tooling & permissions: the workflow mentions generating code, running tests, and creating merge/delta commits, but the skill metadata does not list required tools (git, language runtimes, test runners) or required write permissions. Ensure the runtime environment has the appropriate build/test tools and grant the agent only the minimal filesystem/git permissions needed. - Auto-approve and review preferences: the skill supports auto-approval policies (including an explicit "Auto-approve all gates" preference). Treat these as sensitive settings — avoid enabling global auto-approve unless you fully trust the agent and audit outputs. - Audit generated changes: require a human review step (or a protected branch) before any automatic merge-to-trunk is applied. Prefer the skill generate delta.md and pull requests rather than making direct commits. - If you need higher assurance: ask the skill author for explicit lists of required binaries and exact commands the agent will run for Phase 0–4, and for an explicit scope of file paths the skill will read/write. If the author can't provide that, use the skill in a sandboxed repository copy only.
功能分析
Type: OpenClaw Skill Name: spec-coder Version: 0.1.4 The 'spec-coder' skill bundle implements a highly structured, spec-driven software development lifecycle (SDLC) workflow. It guides the agent through requirements gathering, technical design, code generation, and automated verification. Security is explicitly addressed in the 'expert-review-protocol.md' and 'templates.md' files, which instruct the agent to simulate a Security Expert role to check for input validation, parameterized queries, and hardcoded secrets. The high-privilege actions described (codebase scanning and test execution) are necessary for the stated purpose and are governed by a rigorous phase-gate system without any evidence of malicious intent, data exfiltration, or unauthorized persistence.
能力评估
Purpose & Capability
The name/description match the SKILL.md: it is a spec-first workflow that reads/writes spec files, generates code, runs reviews, and produces merge/delta instructions. That capability reasonably requires reading the project's specs and codebase. However, the skill declares no required binaries, no tooling, and no credentials despite describing phases that generate code and verify it with tests (Phase 3/4). The lack of declared toolchain (build/test runner, git) is a minor incoherence — the skill expects capabilities that are not enumerated in its metadata.
Instruction Scope
Runtime instructions explicitly tell the agent to read project files (specs/status.md, trunk specs, codebase files in Phase 0) and to generate artifacts (delta.md, spec_xxx.md, code + tests). Reading the codebase and spec tree is coherent for the stated purpose, but the skill does not explicitly restrict which repo paths to read (e.g., it doesn't say to avoid .env, credentials, or unrelated config). That lack of explicit exclusion increases risk of accidental exposure of secrets when the agent performs a codebase scan or 'reads the codebase'.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. This is low risk from an installation perspective — nothing will be downloaded or written to disk by the registry install step itself.
Credentials
The skill requests no environment variables or credentials in metadata (good). However, workflow docs reference generating commits, running verification tests, and producing delta/merge instructions (git-based operations and test runners). Those actions typically require toolchain access and repo-level write permissions; they are not declared. This is a proportionality gap (missing declared requirements) rather than an explicit demand for unrelated credentials.
Persistence & Privilege
always:false and no install actions or persistent background behavior are declared. The agent may invoke the skill autonomously (platform default) but nothing in the metadata grants it permanent/system-level privileges or modifies other skills. Note: the skill supports 'Auto-approve' user preferences which, if set by the user, could allow the workflow to proceed automatically without manual gate checks — that is a user-configurable risk rather than a hidden privilege.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install spec-coder
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /spec-coder 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.4
spec-coder 1.0.0 - Clarified file reading rules: explicitly skip `specs/changes/archive/` (ignore archived/merged changes). - All workflows and usage instructions unchanged except for archive exclusion. - No file changes or functionality updates outside documentation clarification.
v0.1.3
spec-coder v0.1.3 - Added initial UI design guidelines reference: `references/ui-design-guidelines.md`. - Improved workflow robustness by requiring reading `specs/status.md` on session start to determine current phase and context. - Clarified inputs/outputs for each workflow phase in the Quick Reference table for better guidance. - Updated codebase scan process: scan summary is now persisted under `## Codebase Context` in `specs/status.md` for session continuity. - Minor adjustments to requirements/doc writing and project entry logic to better handle mid-project cases.
v0.1.2
**Introduced spec lifecycle and template references, enhanced file organization:** - Added two new reference documents: `references/spec-lifecycle.md` and `references/templates-lifecycle.md`. - Overhauled file organization to introduce a two-layer model (trunk + changes), supporting incremental work and lifecycle management. - Added quick reference tables for workflow phases, outputs, and review gates. - Clarified when to use the changes layer (`changes/`) and provided structure for incremental features and modifications. - Linked to new references for spec lifecycle and template usage throughout main documentation.
v0.1.1
Initial release with expert review protocol and improved file organization. - Adds structured review gates between workflow phases, referencing an expert-review protocol. - Introduces clear file organization, including a new `specs/design-preview/` directory for HTML mockups or architecture diagrams. - Removes legacy `templates.md` file; adds modular references: `references/expert-review-protocol.md` and `references/templates.md`. - Updates track selection logic and review process for Small, Medium, and Large features. - Streamlines workflow phases, emphasizing expert feedback and auto-approval when no critical/major issues detected.
v0.1.0
Version 1.0.0 — Major refactor for spec-first workflow - Consolidated template files into a single `templates.md`; removed legacy templates and examples. - Rewrote documentation to focus on a structured, phase-driven, spec-first development workflow. - Added track selection (Small/Medium/Large) and clarified typical use cases and entry points. - Defined new file organization under a unified `specs/` directory. - Provided step-by-step guidance for requirements clarification, spec writing, code generation, and verification. - Simplified and modernized instructions for both greenfield and existing projects.
元数据
Slug spec-coder
版本 0.1.4
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 5
常见问题

Spec Coder 是什么?

Structured spec-first development workflow with multi-role expert review gates: clarify requirements, author spec documents (requirements/design/tasks), gene... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 280 次。

如何安装 Spec Coder?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install spec-coder」即可一键安装,无需额外配置。

Spec Coder 是免费的吗?

是的,Spec Coder 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Spec Coder 支持哪些平台?

Spec Coder 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Spec Coder?

由 Pan Xiaohua(@xhuaustc)开发并维护,当前版本 v0.1.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论