Code Archaeology

The name, README, SKILL.md and included scripts (integrator, converter, process-file-manager) are coherent with a legacy-code analysis -> generate migration/context-documents workflow. However the integrator expects specific file names prefixed with 'zbs_php_' and the default business domain is hardcoded to 'finance', which narrows applicability without justification. _meta.json version (2.4.0) differs from registry version (2.5.0) — a minor metadata inconsistency.

Runtime instructions ask the agent to read full source trees and produce many local artifacts (expected for this tool). The scripts create and write files on disk and the ProcessFileManager has a hardcoded default baseDir of '/Users/admin/.openclaw/workspace' (creates folders and files there) which is surprising and platform-specific. The SKILL.md also references external CLI tools (ai-plan-generator, clawteam) that are not included; the convert script calls integrator.generateValidationStandards(), but that method is not defined in the integrator — this is a runtime bug that could cause errors during execution. No instructions request secrets, but outputs may contain sensitive business code and credentials if present in the analyzed source (so exercising principle of least privilege is important).

There is no install spec (instruction-only skill), so nothing will be automatically downloaded or installed by the platform. The included Node.js scripts are present but will only run if the user or agent executes them. This is lower-risk than remote downloads, but local execution still writes files.

The skill declares no required environment variables or credentials (good). However it assumes a Node.js runtime (README notes Node.js v14+) and local filesystem access to the legacy codebase — which is expected for its purpose. The integrator generates integration configs (database, redis, enterprise_wechat) that may imply further credentials are needed downstream, but none are declared here.

The skill does not set always:true and does not request platform-wide privileges. Nevertheless, its ProcessFileManager defaults to writing into a hardcoded user path (/Users/admin/.openclaw/workspace) and will create project directories and files there if executed — this persistent file activity is surprising and could pollute or overwrite user workspace if run without checking the path. The skill does not modify other skills' configuration.