框架核心工程师 命令与代码生成
AdvisoryAudited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make lasting code or metadata changes in the project when helping with framework commands.
The skill explicitly instructs the agent to run a local framework command and validate command behavior. This is purpose-aligned for command scaffolding, but it can modify repository command metadata.
Run `php bin/w command:upgrade` after creating or changing command registration.
Review generated diffs and run validation commands in a safe development environment before applying them to important branches or production systems.
The agent may rely on project-local standards or instructions outside this reviewed skill file.
The skill refers to additional local guidance files and shared skills that were not included in the reviewed artifact set. This is plausible for a repository-specific engineering skill, but those referenced instructions were not independently inspected here.
Source Material - `AI-ENTRY.md` - `CLAUDE.md` - `dev/ai/skills/create-framework-command/SKILL.md`
Ensure the referenced repository guidance files are trusted and reviewed, especially before letting the agent make broad code-generation changes.
If the host environment supports such notifications, task details or validation issues could be shared with another role or agent.
The skill includes a collaboration instruction to notify a named technical-lead role, but the artifact does not define the communication channel, identity verification, or data-sharing boundary.
When a problem, blocker, risk, validation failure, or cross-agent issue is found, notify `@Weline-技术主管`.
Confirm who receives these notifications and avoid sharing sensitive project details unless the user has approved that collaboration path.