Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Project Code Standard

v0.1.0

This skill checks, enforces and fixes project code standards. It activates when the user needs to establish a code style standard for a project, check whether code conforms to the standard, automatically fix formatting issues, generate a code quality report, or verify during Code Review that a submission meets team conventions. Supports Python (PEP8/black/ruff), JavaScript/TypeScript (E...

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill description (linting/formatting for Python and JS/TS) matches the runtime commands (ruff, eslint, black, prettier) and the described flows. However, SKILL.md repeatedly references helper scripts (e.g., python scripts/check_python.py, scripts/check_js.py, scripts/check_general.py) and an assets/ directory for templates that are NOT provided by the skill package. It's unclear whether those scripts are expected to already exist in the user's project, provided by a separate install step, or omitted — this is an inconsistency between claimed capability and what's actually packaged.
Instruction Scope
Instructions stay within the domain of code-quality checks (inspect repo root, run linters, optionally fix files, produce a markdown report). They explicitly say to avoid overwriting existing configs and to ask user confirmation before automatic fixes, which is good. But the instructions direct the agent to execute arbitrary scripts from the project's scripts/ path (if present). Running project-local scripts means the agent could execute arbitrary repository code — functionally relevant but a potentially risky action that the SKILL.md does not advise the user to inspect first.
Install Mechanism
No install spec is provided (instruction-only), which reduces the skill's ability to write files or pull code on install. However, the runtime assumes external tools (ruff, black, eslint, prettier) and non-existent local helper scripts/assets. Because there is no guidance to install these tools from trusted sources or to verify the helper scripts before execution, there is operational ambiguity and a modest risk if the agent runs commands in a repository with untrusted code.
Credentials
The skill requests no environment variables, credentials, or config paths. There are no disproportionate credential demands relative to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent privileges. Autonomous invocation is allowed by default but is expected for this type of skill. There is no indication the skill modifies other skills or system-wide settings.
What to consider before installing
This SKILL.md describes reasonable code-quality actions, but it does not include the helper scripts or assets it references. Before installing or invoking the skill, verify where scripts/check_python.py, scripts/check_js.py, scripts/check_general.py and the assets/ templates are expected to come from. If the agent will execute scripts inside your repository, inspect those scripts manually first (or run the skill in a sandboxed copy of the repo). Ensure linters (ruff, black, eslint, prettier) are installed from trusted sources. Be especially cautious about allowing automatic fixes: confirm the skill asks for explicit user permission before modifying files, and consider disabling autonomous execution of fix steps until you have reviewed the tooling and scripts.
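The inconsistency the scan describes (helper scripts and templates referenced but not packaged) can be checked mechanically before the skill is installed. The following is an added example, not the scanner's or the skill's own code; the SKILL.md excerpt and the package manifest are constructed from the paths quoted on this page.

```python
"""Flag scripts/ and assets/ paths that a SKILL.md references but the skill
package does not ship: at run time they would resolve to files in the target
repository instead. Added example, not the scanner's or the skill's own code;
the SKILL.md excerpt and the package manifest below are constructed."""
import re
from typing import Dict, List, Set

# Any path under scripts/ or assets/, as written in the skill's instructions.
REF_PATTERN = re.compile(r"\b(?:scripts|assets)/[\w.\-/]+")

# Constructed excerpt of the instructions, in the shape used by the skill above.
SKILL_MD = """\
python scripts/check_python.py <target_path> --output markdown
python scripts/check_js.py <target_path> --output markdown
python scripts/check_general.py <target_path> --output markdown
Python: assets/ruff.toml -> project root
JS/TS: assets/.eslintrc.json + assets/.prettierrc -> project root
General: assets/.editorconfig -> project root
"""

# Constructed manifest: an instruction-only skill ships SKILL.md and nothing else.
PACKAGED_FILES: Set[str] = {"SKILL.md"}


def referenced_paths(skill_md: str) -> List[str]:
    """Every scripts/ or assets/ path referenced, de-duplicated, in order of appearance."""
    seen: Dict[str, None] = {}
    for match in REF_PATTERN.finditer(skill_md):
        seen.setdefault(match.group(0), None)
    return list(seen)


def unshipped_references(skill_md: str, packaged: Set[str]) -> Dict[str, List[str]]:
    """Split the unshipped references by what the agent would do with them.

    scripts/ entries are executed: missing from the package, the agent would run
    whatever file sits at that path inside the repository being checked.
    assets/ entries are templates copied into the project root.
    """
    missing: Dict[str, List[str]] = {"scripts": [], "assets": []}
    for path in referenced_paths(skill_md):
        if path in packaged:
            continue
        kind = "scripts" if path.startswith("scripts/") else "assets"
        missing[kind].append(path)
    return missing
```

Any entry under "scripts" in the result is a path the agent would execute from the repository rather than from the skill, which is the case the scan flags.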

Like a lobster shell, security has layers — review code before you run it.

latest: vk971r5rxdwkk1rt6sjp2pmxv19828ngf
352 downloads
0 stars
1 version
Updated 8h ago
v0.1.0
MIT-0

Project Code Standard

Goal

Help developers establish, check and enforce a unified code standard for their project, ensuring the codebase stays consistent, readable and maintainable.

When to use

Scenarios that activate this skill:

  • The user asks to "check code standards", "lint the code" or "format the code"
  • The user asks to "establish a code standard" or "set up a code style"
  • Verifying code quality before a Code Review
  • The user asks "does this code conform to the standard?"
  • Configuring the code-quality toolchain when initializing a new project
  • Integrating code checks into a CI/CD pipeline

Prerequisites

Depending on the project type, one of the following is needed:

  • Python projects: Python >= 3.8; optionally install ruff, black, pylint
  • JS/TS projects: Node.js >= 16; optionally install eslint, prettier
  • General: no special dependencies; uses the built-in check logic

Execution steps

Step 1: Identify the project type

First inspect the project root to identify the tech stack:

# Check for key configuration files
ls package.json pyproject.toml setup.py Cargo.toml go.mod 2>/dev/null

Choose the matching standards-check flow based on what is found.

Step 2: Run the standards check

Python projects

# Use ruff for a fast, comprehensive check (recommended)
python scripts/check_python.py <target_path> --output markdown

# Or check step by step
ruff check .               # code standards
ruff format --check .      # formatting check

JavaScript / TypeScript projects

python scripts/check_js.py <target_path> --output markdown

General standards check (naming, comments, file structure):

python scripts/check_general.py <target_path> --output markdown

Step 3: Present the check results

Organize the results in the following format and report them to the user:

## Code Standards Check Report

### Overview
- Files checked: N
- Issues found: X (critical: A, warning: B, hint: C)

### Issue list
| File | Line | Type | Description |
|------|------|------|-------------|
| ... | ... | ... | ... |

### Suggested fixes
...

Step 4: Automatic fixes (optional)

If the user agrees to automatic fixes, run:

# Python
python scripts/check_python.py <target_path> --fix

# JS/TS
python scripts/check_js.py <target_path> --fix

After fixing, re-run Step 2 to verify the result.

Step 5: Generate standards configuration files (new projects)

If the project has no standards configuration yet, copy the matching templates from the assets/ directory:

  • Python: assets/ruff.toml → project root
  • JS/TS: assets/.eslintrc.json + assets/.prettierrc → project root
  • General: assets/.editorconfig → project root

Output format

Report the check results as Markdown tables, including:

  1. Overview statistics: file count, issue count, breakdown by severity level
  2. Issue list: file path, line number, issue type, description
  3. Fix suggestions: concrete fixes for the most frequent issues

Notes

  • Prefer the lint configuration already present in the project (.eslintrc, ruff.toml, etc.); do not overwrite the user's existing configuration
  • Obtain the user's confirmation before any automatic fix; do not modify files directly
  • By default, exclude directories such as node_modules/, .venv/, dist/ and build/ from the check scope
  • If the project has no lint tools installed, perform only syntax-level and general standards checks, and recommend installing the tools
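The decision logic of Step 1, Step 5 and the Notes above (detect the stack from the root marker files, copy only templates that would not overwrite existing lint configuration, fall back to the general check when tools are missing), as an added Python example. It is not the skill's own scripts, which the package does not ship; the marker and config file names are the ones listed on this page, and the root file listing and installed-tool set are supplied by the caller.

```python
"""Decide how the standards check may run for a repository, following the steps
above: detect the stack from root marker files (Step 1), copy only the assets/
templates that would not overwrite existing lint configuration (Step 5, Notes),
and fall back to the general check where the lint tools are missing (Notes).
Added example, not the skill's own scripts (the package ships none). root_files
is the set of names in the project root; installed_tools the lint tools on PATH."""
from typing import Dict, List, Set

# Step 1: marker files in the project root, per stack.
STACK_MARKERS: Dict[str, Set[str]] = {
    "python": {"pyproject.toml", "setup.py"},
    "js": {"package.json"},
    "rust": {"Cargo.toml"},
    "go": {"go.mod"},
}
# Step 5: template -> existing config files that copying it would overwrite.
TEMPLATES: Dict[str, Dict[str, Set[str]]] = {
    "python": {"assets/ruff.toml": {"ruff.toml", ".ruff.toml"}},
    "js": {"assets/.eslintrc.json": {".eslintrc", ".eslintrc.json"},
           "assets/.prettierrc": {".prettierrc"}},
    "general": {"assets/.editorconfig": {".editorconfig"}},
}
# Lint tools each stack's full check relies on; the general check needs none.
REQUIRED_TOOLS: Dict[str, Set[str]] = {"python": {"ruff"}, "js": {"eslint", "prettier"}}
DEFAULT_EXCLUDES = ["node_modules/", ".venv/", "dist/", "build/"]


def detect_stacks(root_files: Set[str]) -> List[str]:
    """Stacks whose marker files are present; the general check always applies."""
    return [s for s, markers in STACK_MARKERS.items() if markers & root_files] + ["general"]


def plan(root_files: Set[str], installed_tools: Set[str]) -> Dict[str, object]:
    """What the agent may do without touching the user's existing configuration."""
    stacks = detect_stacks(root_files)
    copy_templates: List[str] = []            # safe: nothing in the root would be overwritten
    keep_existing: Dict[str, List[str]] = {}  # template -> existing files that block it
    modes: Dict[str, str] = {}                # per stack: full check or general-only fallback
    for stack in stacks:
        for template, existing in TEMPLATES.get(stack, {}).items():
            clash = sorted(existing & root_files)
            if clash:
                keep_existing[template] = clash
            else:
                copy_templates.append(template)
        missing = sorted(REQUIRED_TOOLS.get(stack, set()) - installed_tools)
        modes[stack] = "full" if not missing else "general-only (install: " + ", ".join(missing) + ")"
    return {"stacks": stacks, "copy_templates": copy_templates,
            "keep_existing": keep_existing, "modes": modes, "excludes": DEFAULT_EXCLUDES}
```

Templates listed under "keep_existing" must not be copied, and any stack in "general-only" mode gets the syntax-level and general checks only until the named tools are installed.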
