Universal Command Pattern
v1.0.0Define commands once, deploy to CLI, API, and MCP automatically. Use when building new commands/tools for Supernal — ensures consistent interfaces across all...
⭐ 0· 316·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the SKILL.md examples: defining a UniversalCommand and generating CLI, API, and MCP surfaces is exactly what the instructions and API reference show. No requested binaries, env vars, or config paths appear unrelated to that purpose.
Instruction Scope
SKILL.md contains concrete code examples and runtime instructions (npm install, createRuntimeServer, generateNextRoutes, startMCP transport). These are within the stated purpose. Minor note: examples include creating MCP tools and starting an MCP server with transport 'stdio' and reading request headers (e.g., x-user-id) — expected for exposing commands to agents/APIs but worth reviewing in your integration to avoid unintentionally exposing sensitive headers or endpoints.
Install Mechanism
The skill itself has no install spec (instruction-only), but the README instructs installing an npm package (@supernal/universal-command). This is proportional for the purpose. Because the skill points to an external npm package, verify the package's author, source, and contents before running npm install.
Credentials
No environment variables, credentials, or config paths are required by the skill metadata. The SKILL.md does reference using request headers and auth options for API generation, which is normal for this type of framework and does not imply the skill needs extra credentials itself.
Persistence & Privilege
always is false and the skill is user-invocable; it doesn't request permanent presence or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other concerning flags.
Assessment
This skill is internally coherent: it documents a pattern and points you to an npm package that implements it. Before you install or use it, verify the @supernal/universal-command package on npm (owner, weekly downloads, repository link, and published code). If you plan to expose generated APIs or MCP tools, review how auth and headers are handled (don't forward secrets or broad headers to agent tools), run a dependency audit (npm audit), and consider testing in a sandbox environment first. If you need higher assurance, ask for the package repository URL or inspect the exact package contents and its publish history before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97c9q92d9pxve9ahf81rrsf4x823rtk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.