← 返回 Skills 市场
Auto Prodcution
作者
tethercrypto888-star
· GitHub ↗
· v1.0.0
· MIT-0
74
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install vibe-innovative-idea-first-and-use-this-skill-to-production-automatically
功能描述
用「评分表驱动迭代」方法把项目做到生产级别。每次输入 /vibe-coding 启动,自动打分、修复、循环直到满足生产就绪阈值。
安全使用建议
This skill is coherent with its stated purpose but has two practical risks you should consider before installing or running it: (1) It will automatically modify and commit files in your repo without per-change confirmation. Run it only on a fork/branch or a disposable clone, or modify the workflow to produce diffs for human review instead of committing. (2) It expects many external CLI tools (semgrep, trivy, govulncheck, npm/pip-audit, gocyclo, etc.) but does not declare them; ensure these are installed in a controlled environment. Additional precautions: back up your repo, run in a sandbox or CI job with limited permissions, review the VIBE_SCORECARD.md and every proposed commit before merging, and avoid running this on repositories that contain secrets or production credentials. If you want safer operation, require interactive confirmation before commits or change commit commands to create branches/PRs instead of direct commits.
功能分析
Type: OpenClaw Skill
Name: vibe-innovative-idea-first-and-use-this-skill-to-production-automatically
Version: 1.0.0
The skill implements an autonomous 'vibe coding' workflow that iterates on project quality and security. It requires broad permissions to execute shell commands (e.g., semgrep, trivy, npm audit, curl) and perform automated git commits. Most notably, SKILL.md contains explicit instructions for the agent to bypass user confirmation ('do not ask whether to continue'), which is a high-risk behavior that removes human oversight for potentially destructive operations. While the behavior is aligned with the stated purpose, the combination of shell access and the instruction to override safety prompts warrants a suspicious classification.
能力评估
Purpose & Capability
The name/description align with the runtime instructions: reading the repo, evaluating dimensions, making fixes, and committing changes is coherent with an 'auto production' workflow. However, the SKILL.md expects many CLI scanners and git to be present (semgrep, trivy, govulncheck, npm/pip-audit, gocyclo, etc.) but the skill metadata declares no required binaries — the skill will fail or behave unpredictably if those tools are missing.
Instruction Scope
The instructions explicitly tell the agent to modify repository files and run 'git add -A && git commit ...' for every sub-fix and to 'directly execute' without asking for confirmation. That gives the skill authority to make persistent, potentially large changes to user code without explicit consent per change. The skill also instructs scanning for secrets and running security tools on the whole repo (which is expected) but does not constrain what to do with discovered secrets or results — this increases risk of accidental disclosure or destructive automated edits.
Install Mechanism
No install spec and no code files are present (instruction-only), which minimizes supply-chain risk. There is no download or extract step. The main practical issue is that required third-party tools are referenced in SKILL.md but not declared as dependencies.
Credentials
The skill requests no environment variables or credentials, which is proportionate to its stated purpose. Nonetheless, running the recommended scanners will read all repository files (which may contain secrets) and the skill makes no guidance about handling or protecting any sensitive findings it uncovers.
Persistence & Privilege
Although always:false and there is no special platform privilege, the skill directs automatic, repeated commits into the user's repository and instructs the agent not to ask 'whether to proceed' before making changes. That persistent modification behavior is powerful and risky — it can alter source history, introduce regressions, or leak sensitive data in commits if used without safeguards.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vibe-innovative-idea-first-and-use-this-skill-to-production-automatically - 安装完成后,直接呼叫该 Skill 的名称或使用
/vibe-innovative-idea-first-and-use-this-skill-to-production-automatically触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
1.0.0
元数据
常见问题
Auto Prodcution 是什么?
用「评分表驱动迭代」方法把项目做到生产级别。每次输入 /vibe-coding 启动,自动打分、修复、循环直到满足生产就绪阈值。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 74 次。
如何安装 Auto Prodcution?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vibe-innovative-idea-first-and-use-this-skill-to-production-automatically」即可一键安装,无需额外配置。
Auto Prodcution 是免费的吗?
是的,Auto Prodcution 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Auto Prodcution 支持哪些平台?
Auto Prodcution 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Auto Prodcution?
由 tethercrypto888-star(@tethercrypto888-star)开发并维护,当前版本 v1.0.0。
推荐 Skills