← 返回 Skills 市场
101
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install spec-engine
功能描述
项目规格自动生成与验证工具 — 从想法到任务清单的全流程自动化。 支持:(1) 智能生成 spec (2) 可配置验证评分 (3) 自动拆解子任务 (4) Web 仪表盘 (5) 版本对比 (6) 历史分析
安全使用建议
What to consider before installing or running:
- Inspect SKILL.md and the Python scripts locally (you already have them). Look specifically at analyze.py and daily_news.py: they walk directories and read .md files and have a default directory that may point to a shared/team path — don’t run them with defaults unless you want those directories scanned.
- The collectors make outbound HTTP requests to public APIs and search engines; if you run these on a machine with sensitive network access, they will contact external servers. Run them in a sandboxed/container environment if you are unsure.
- Remove or override default directory arguments (use --dir) to limit filesystem exposure. Prefer running with a dedicated test folder first.
- Check for invisible/unicode-control characters in SKILL.md (the pre-scan flagged them) and remove them if present before using this skill with an LLM, since such characters can attempt to manipulate prompt parsing.
- There are no declared secret/env requirements, but proxy env vars are used if present — review environment variables before running.
- If you plan to let an agent invoke this skill autonomously, be cautious: the combination of filesystem scanning and outbound network calls increases the risk of unintended data leakage. Consider disabling autonomous invocation or restricting the skill to manual use until you’re comfortable with its behavior.
If you want, I can: (a) list the exact lines where the default path and network calls occur, (b) show how to run the analyzer safely (example CLI flags), or (c) produce a sanitized version of SKILL.md with control characters removed.
功能分析
Type: OpenClaw Skill
Name: spec-engine
Version: 3.0.0
The spec-engine bundle is a comprehensive toolset for project specification management, including automated generation, validation, task decomposition, and news aggregation. The Python scripts (e.g., generate.py, validate.py, and analyze.py) use standard libraries for regex-based text processing and file management. The collectors (bilibili.py, github_oc.py, etc.) perform outbound HTTP requests to public APIs and search engines to gather project-related news, which is consistent with the stated purpose of the daily_news.py script. No evidence of malicious intent, data exfiltration, or prompt injection was found.
能力评估
Purpose & Capability
The skill claims spec generation/validation/decomposition/dashboard/compare/analyze and the repo contains corresponding scripts (generate.py, validate.py, decompose.py, dashboard.py, compare.py, analyze.py). However, there are additional 'daily_news' and 'collectors/*' modules (bilibili, github_oc, clawhub_oc, xiaohongshu) that scrape external sites and produce news reports; those collectors are not described in the SKILL.md command table. Collectors could be related to 'historical analysis' or dashboard enrichment, but their presence is extra capability that a user might not expect from a 'Spec Engine' alone.
Instruction Scope
The scripts perform broad actions: analyze.py and other tools walk directories and read .md files (os.walk, read_file), potentially scanning arbitrary paths. analyze.py's default --dir value points to a relative path '.../teams/shared/specs' (hard-coded default) which implies reading shared/team directories if present. The collectors perform network requests to multiple external services (api.bilibili.com, api.github.com, clawhub.ai, DuckDuckGo/xiaohongshu scraping). Running the provided commands without restricting directories or network access could expose internal spec files and transmit gathered data off-host. SKILL.md does not warn about these behaviors or the default scan path.
Install Mechanism
There is no install spec — the package is instruction/code-only and nothing is downloaded during install. All functionality is provided by included Python scripts using the standard library (with optional requests if available). No remote archive download or unusual installer behavior was found in the provided files.
Credentials
The skill declares no required env vars or credentials, and none are required to call public APIs. However, the code reads proxy environment variables (HTTP_PROXY/HTTPS_PROXY) and may use network access. The analyzer default directory implies access to team/shared paths on disk which is not declared or explained. No credentials (tokens/keys) are requested, which is proportional, but the implicit ability to read local markdowns and make network calls increases data-exposure risk.
Persistence & Privilege
The skill does not request permanent inclusion (always:false). It does not appear to modify other skills or global agent configuration. It writes reports to files when run (save_report/save_json_report) but does not attempt to alter system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install spec-engine - 安装完成后,直接呼叫该 Skill 的名称或使用
/spec-engine触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.0
spec-engine v3.0.0 introduces major new features and enhancements for automated project spec generation and management.
- 新增 decompose 子任务拆解:自动根据 spec 提取需求,并生成子任务清单、工时、依赖、负责人建议与关键路径分析。
- 新增 Web 仪表盘 dashboard:可视化所有 spec 的评分、技术栈分布和完整性状态。
- 所有核心功能命令均支持命令行调用,支持多种输出格式与自定义校验规则。
- 保持纯 Python 标准库实现,无需第三方依赖,完全兼容前序版本。
元数据
常见问题
Spec Engine 是什么?
项目规格自动生成与验证工具 — 从想法到任务清单的全流程自动化。 支持:(1) 智能生成 spec (2) 可配置验证评分 (3) 自动拆解子任务 (4) Web 仪表盘 (5) 版本对比 (6) 历史分析. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。
如何安装 Spec Engine?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install spec-engine」即可一键安装,无需额外配置。
Spec Engine 是免费的吗?
是的,Spec Engine 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Spec Engine 支持哪些平台?
Spec Engine 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Spec Engine?
由 YJ85814(@yj85814)开发并维护,当前版本 v3.0.0。
推荐 Skills