Project Init
v0.1.0Project initialization toolkit. contributing - auto-generate CONTRIBUTING.md from project structure [contributing.md]. "init", "project init", "initialize pr...
⭐ 0· 69·0 current·0 all-time
byes6kr@drumrobot
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description claim to analyze project structure and generate CONTRIBUTING.md, and the SKILL.md describes reading package.json, .editorconfig, lint and husky configs, monorepo files, and producing a CONTRIBUTING.md — all coherent and proportionate to the stated purpose.
Instruction Scope
Runtime instructions explicitly call local filesystem inspection (ls, cat, reading config files) and then writing ./CONTRIBUTING.md. This is expected for a project-init tool. The skill includes a non-destructive confirmation step before overwriting. Note: examples use tools like jq and assume standard repo layout; those binaries are not declared but are normal helper assumptions rather than suspicious behavior.
Install Mechanism
No install spec and no code files (instruction-only), so nothing is downloaded or written to disk by an installer. This is the lowest-risk pattern for this kind of skill.
Credentials
The skill requests no environment variables, credentials, or config paths. It only reads local repo files consistent with its purpose; there are no unexplained secrets requested.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill is coherent for generating a CONTRIBUTING.md: it will read project files (package.json, .editorconfig, eslint, husky, pnpm-workspace.yaml, src/, packages/ etc.) and propose/write ./CONTRIBUTING.md. Before running or committing output: (1) ensure you run it inside the intended repository (it will read files in the current working tree), (2) review the generated CONTRIBUTING.md before accepting/committing (the skill notes it will ask before overwriting), (3) be aware some config files or scripts may contain sensitive info — verify nothing secret is unintentionally revealed in the generated doc, (4) the instructions assume helper tools like jq and typical Node tooling (pnpm/corepack) — install those if needed or the analysis commands may fail, and (5) because this is instruction-only and asks no secrets, risk is low but always review generated content before pushing.Like a lobster shell, security has layers — review code before you run it.
latest
es6kr@drumrobot
DownloadInit
Project initialization toolkit — scaffolding, boilerplate generation, and setup automation for new or existing projects.
Topics
| Topic | Description | Guide |
|---|---|---|
| contributing | Auto-generate CONTRIBUTING.md from project structure analysis | contributing.md |
Quick Reference
Contributing (Auto-generate CONTRIBUTING.md)
/init contributing # Analyze project and generate CONTRIBUTING.md
Key steps:
- Detect project type (monorepo, single package, npm workspaces)
- Analyze config files (package.json, .editorconfig, eslint, husky)
- Detect directory structure and dependencies
- Generate CONTRIBUTING.md with detected settings
What gets detected:
- Requirements: Node.js version, package manager from
enginesandpackageManager - Code Style: indent, EOL, charset from
.editorconfig - Lint Config: ESLint rules, Prettier settings
- Build Commands: scripts from
package.json - Commit Convention: Conventional Commits format with detected scopes
- Pre-commit Hooks: husky configuration
- Monorepo Structure: package dependency graph and build order
Design Philosophy
- Detection over assumption: Only include sections for settings that actually exist in the project
- Language-aware: Match project language (English for open source, Korean for internal)
- Non-destructive: Always confirm before overwriting existing files
Comments
Loading comments...