框架核心工程师 命令与代码生成
PassAudited by ClawScan on May 8, 2026.
Overview
This instruction-only skill is coherent for Weline command and code scaffolding, but users should supervise the local code changes and framework commands it asks the agent to perform.
This skill appears safe to install as an instruction-only, repository-focused engineering aid. Before using it, make sure you trust the referenced project guidance files, review any generated code or command-registration changes, and confirm whether `@Weline-技术主管` notifications are expected in your workflow.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make lasting code or metadata changes in the project when helping with framework commands.
The skill explicitly instructs the agent to run a local framework command and validate command behavior. This is purpose-aligned for command scaffolding, but it can modify repository command metadata.
Run `php bin/w command:upgrade` after creating or changing command registration.
Review generated diffs and run validation commands in a safe development environment before applying them to important branches or production systems.
The agent may rely on project-local standards or instructions outside this reviewed skill file.
The skill refers to additional local guidance files and shared skills that were not included in the reviewed artifact set. This is plausible for a repository-specific engineering skill, but those referenced instructions were not independently inspected here.
Source Material - `AI-ENTRY.md` - `CLAUDE.md` - `dev/ai/skills/create-framework-command/SKILL.md`
Ensure the referenced repository guidance files are trusted and reviewed, especially before letting the agent make broad code-generation changes.
If the host environment supports such notifications, task details or validation issues could be shared with another role or agent.
The skill includes a collaboration instruction to notify a named technical-lead role, but the artifact does not define the communication channel, identity verification, or data-sharing boundary.
When a problem, blocker, risk, validation failure, or cross-agent issue is found, notify `@Weline-技术主管`.
Confirm who receives these notifications and avoid sharing sensitive project details unless the user has approved that collaboration path.