← 返回 Skills 市场
91
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install vue2-risk-scan
功能描述
Skill 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题
安全使用建议
This skill appears coherent and limited to scanning a Vue2 project. Before running it: (1) review the included scripts yourself (they're small and bundled) to satisfy yourself they only access project files; (2) run them in a sandbox or CI environment if you are cautious — they call npm audit and npm list which may perform network calls; (3) ensure npm/node are installed in the environment where you run it; (4) be aware of some simplistic checks (e.g., core-js version parsing) that can cause false positives. No credentials are requested and there are no hidden remote endpoints in the scripts.
功能分析
Type: OpenClaw Skill
Name: vue2-risk-scan
Version: 1.0.0
The skill is a legitimate diagnostic tool designed to scan Vue2 projects for security and configuration risks. It uses shell scripts (scripts/checks/) to inspect local files like package.json, vue.config.js, and babel.config.js for vulnerable dependencies (e.g., axios) and insecure settings (e.g., production source maps). No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
能力评估
Purpose & Capability
The name/description match the actual behavior: scripts check package.json, vue.config.js, babel.config.js and run npm audit/npm list to surface dependency and config issues. No unrelated credentials, binaries, or network endpoints are requested.
Instruction Scope
SKILL.md instructs running scripts from the project root. The scripts only read project files (package.json, vue.config.js, babel.config.js) and invoke local npm commands (npm list, npm audit). There are no hidden remote endpoints or attempts to read unrelated system files. Some checks use simplistic parsing (e.g., core-js version parsing), which may produce false positives, but this is a correctness/quality issue rather than malicious behavior.
Install Mechanism
No install spec: instruction-only with bundled shell scripts. Nothing is downloaded or written to disk by an installer. Risk surface is limited to executing the included scripts.
Credentials
The skill requires no environment variables, no credentials, and no config paths beyond project files. It does run npm audit (which may access the network for audit data) but that is proportional to dependency scanning.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system-wide config. It runs only when invoked by the user/agent.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vue2-risk-scan - 安装完成后,直接呼叫该 Skill 的名称或使用
/vue2-risk-scan触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of vue2-risk-scan.
- Automates scanning for common risks in Vue2 projects.
- Detects dependency security issues, Webpack configuration risks, and Babel configuration problems.
- Designed for use in daily development, CI checks, and AI automated diagnosis.
- Usage: run sh scripts/scan-vue2-risk.sh in your project root.
元数据
常见问题
用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 是什么?
Skill 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 91 次。
如何安装 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vue2-risk-scan」即可一键安装,无需额外配置。
用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 是免费的吗?
是的,用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 支持哪些平台?
用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 用于自动扫描 Vue2 项目的潜在风险,依赖安全,Webpack 配置风险, Babel 配置问题?
由 gfrxf(@gfrxf)开发并维护,当前版本 v1.0.0。
推荐 Skills