ClawHub

Openclaw Cc Rules

v1.0.0

提供基于顶级 AI 编程工具的结构化工作流规范,涵盖计划、任务追踪、只读探索、Git 操作安全及多文件变更策略。

0· 62·0 current·0 all-time
by@badxtdss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description claim a programming workflow policy; SKILL.md and READMEs consistently define Plan Mode, read-only exploration, Git safety, and task-tracking rules. Nothing requested (no env vars, no binaries, no config paths) is inconsistent with that purpose.
Instruction Scope
Runtime instructions direct the agent to read files, run read-only shell/git commands (ls, cat, grep, git status/diff/log/etc.) and to avoid writes during exploration. This is appropriate for a ruleset, but the SKILL.md autonomously triggers on any coding-related scenario and authorizes exec/read operations — users should be aware the agent will examine repository files when activated.
Install Mechanism
No install spec (instruction-only) — lowest-risk delivery. README suggests a manual git clone from a third-party repo (https://github.com/badxtdss/...), but that clone is not part of the registry install; cloning an untrusted repo is a separate risk that the user must evaluate.
Credentials
No environment variables, credentials, or config paths are required. The allowed operations imply access to the workspace files and to git; those are proportionate for a code-understanding policy.
Persistence & Privilege
always:false and model invocation allowed (platform default). The skill does not request permanent elevated privileges or system-wide config changes. It does suggest users may copy SKILL.md into ~/.openclaw/skills/ which is normal for local skill installation.
Assessment
This skill is internally consistent: it is a ruleset that tells the agent to read repo files and run read-only git commands before making changes. Things to consider before installing: 1) SKILL.md will cause the agent to automatically examine code whenever it senses a coding scenario—if you prefer manual control, change the trigger or keep it user-invocable only. 2) The README suggests cloning from a third‑party GitHub repo (owner 'badxtdss'); do not git-clone or run code from unknown repositories without review. 3) Because the skill uses exec/read operations, verify the agent environment (git availability, workspace permissions) and review the SKILL.md/README locally to ensure the activation rules and allowed commands match your security policy. If you want higher assurance, request the author/source or inspect a local copy before enabling automatic activation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97crq9mkj470twn97bmw49t6s842pah

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments