← 返回 Skills 市场

Super Dev Pipeline

Name: Super Dev Pipeline
Author: shangyankeji

作者 SYHUB · GitHub ↗ · v2.3.0 · MIT-0

cross-platform ⚠ suspicious

313

总下载

当前安装

版本数

在 OpenClaw 中安装

/install super-dev

功能描述

Super Dev pipeline governance: research-first, commercial-grade AI coding delivery with 10 expert roles, quality gates, and audit artifacts.

安全使用建议

This skill appears internally consistent for a local dev pipeline: it expects a local 'super-dev' CLI and operates on project files and outputs. Before installing or enabling it, do the following: (1) Verify the source and authenticity of the 'super-dev' package (inspect the PyPI/package repo, check maintainer and release history). (2) Review what the installed super-dev binary and the @super-dev OpenClaw plugin actually do (read their code or run in a sandbox) because the Skill grants the agent the ability to run CLI commands and access project files. (3) Avoid placing secrets or cloud credentials in knowledge/ or output/ directories the skill will read. (4) Consider running the package in an isolated environment (container or VM) first. If you cannot inspect the super-dev package or plugin source, treat activation as higher risk.

功能分析

Type: OpenClaw Skill Name: super-dev Version: 2.3.0 The skill bundle defines a comprehensive AI development pipeline but includes a high-risk tool, `super_dev_run`, which is described in `SKILL.md` as allowing the execution of arbitrary CLI commands. While the documentation in `references/commands.md` suggests this is intended for specific pipeline stages (e.g., `super-dev run frontend`), the unconstrained tool definition creates a significant Remote Code Execution (RCE) vulnerability. No clear evidence of intentional malice or data exfiltration was observed, but the broad execution capability is a major security concern.

能力评估

✓ Purpose & Capability

Name/description, declared required binary (super-dev), the listed Tools and the SKILL.md all describe a dev pipeline/governance system and consistently require a local super-dev CLI. Reading project knowledge files and producing output docs is coherent with the stated purpose.

ℹ Instruction Scope

Instructions mandate reading local project knowledge (knowledge/, output/*, .super-dev state files) and enforce quality gates and manual confirmation — all reasonable for a pipeline. The skill (and its Tools) also allow running arbitrary CLI commands via super_dev_run, and the agent is expected to perform network research when not offline. That broad host-level capability is consistent with a dev tool but increases risk if the underlying CLI or plugin is malicious or misconfigured.

ℹ Install Mechanism

Install spec points to a package install (labelled 'pip install super-dev') rather than an arbitrary download; this is more traceable than a direct URL but still involves installing third‑party code from a package registry (moderate risk). No suspicious download URLs or archive extracts are present in the spec.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths beyond needing the super-dev binary. The files and instructions reference only project-local paths, which are proportionate to a pipeline/governance tool.

✓ Persistence & Privilege

always:false and normal model invocation mean the skill is not force-included and does not request elevated platform privileges. It does instruct installing a plugin and using the local CLI, which is normal for this class of tool and confined to its own scope.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install super-dev
安装完成后，直接呼叫该 Skill 的名称或使用 /super-dev 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.3.0

No user-visible changes in this version (2.2.1); the SKILL.md remains unchanged.

v2.2.0

- Updated documentation to clarify separation between Plugin and Skill roles, emphasizing Plugin Tool orchestration via OpenClaw. - Stronger and clearer knowledge base contract: each pipeline stage must load and enforce relevant knowledge files and cache, with explicit mappings and constraints. - Step-by-step pipeline now described via Tool calls (e.g. super_dev_pipeline, super_dev_review, super_dev_spec) rather than CLI commands. - Revised first-response template; startup flow, confirmation gates, and recovery instructions streamlined for simpler user guidance. - Strict UI governance and return-workflow rules now summarized in clear tables, including prohibited patterns and recovery actions. - All references to numbered CLI stages and in-depth stage-by-stage descriptions have been simplified in favor of concise, actionable Tool-based workflow.

v1.0.0

super-dev 1.0.0 – Initial release - Introduces a comprehensive AI DevOps pipeline with 10 expert roles and 9 sequential stages, including quality gates and audit artifacts. - Enforces strict workflows: research, three core docs, user confirmation, spec/tasks, frontend-first, then backend/testing/delivery. - Mandates explicit user confirmation gates before proceeding at key stages (core docs, frontend preview, quality review). - Integrates local knowledge as strict constraints for every pipeline step. - Provides detailed user guidance and standard templates for every phase, including how to respond, resume, or revise. - Supports flexible recovery, stage-specific execution, and enforceable rework protocols based on user or quality feedback.

元数据

Slug super-dev

版本 2.3.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 3

常见问题

Super Dev Pipeline 是什么？

Super Dev pipeline governance: research-first, commercial-grade AI coding delivery with 10 expert roles, quality gates, and audit artifacts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 313 次。

如何安装 Super Dev Pipeline？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install super-dev」即可一键安装，无需额外配置。

Super Dev Pipeline 是免费的吗？

是的，Super Dev Pipeline 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Super Dev Pipeline 支持哪些平台？

Super Dev Pipeline 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Super Dev Pipeline？

由 SYHUB（@shangyankeji）开发并维护，当前版本 v2.3.0。