uniapp-vue项目分析器
v3.0.0智能分析 uni-app 和 Vue 项目,量化技术债务,发现代码隐患,自动生成项目分析报告。当用户需要分析 Vue 2/3、uni-app 项目结构、检查代码质量、评估技术债务、生成项目文档时使用。不适用于 React、Angular、Svelte、Python、Java、原生小程序或其他非 Vue 技术栈项目。
⭐ 0· 40·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (uni-app/Vue project analysis) match the SKILL.md: it enumerates manifest/package.json/pages.json parsing, code pattern checks, metrics and report generation. No unrelated requirements (cloud creds, system binaries) are declared.
Instruction Scope
SKILL.md instructs the agent to locate the project root, read configuration files (manifest.json, pages.json, package.json, vite/vue configs), scan source files for patterns (TODO/FIXME, console.log, long functions, deep nesting), and compute metrics — all appropriate for a static project analyzer. The instructions reference reading files and parsing packageJson via examples (fs.existsSync, etc.), which is expected; there are no instructions to reach out to external endpoints or to read unrelated system paths.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads, package installs, or binary requirements are declared — lowest-risk install posture.
Credentials
The skill requests no environment variables, credentials, or config paths. The analysis naturally reads repository files and config files (which may contain tokens/API keys if present), but the skill does not request external secrets.
Persistence & Privilege
Skill is not always-enabled and uses default autonomous invocation settings. It does not request to modify other skills or system-wide settings. No persistence or elevated privileges are declared.
Assessment
This skill appears coherent for analyzing Vue/uni-app projects: it reads your repository files and config files to compute metrics and generate reports. Before installing or running it: (1) understand it will inspect source code and configs (these can contain sensitive values such as API keys or app IDs), so avoid running it on repos with secrets you don't want processed; (2) because it's instruction-only, no external code is installed, but review the skill's markdown/instructions if you have doubts; (3) monitor what files are read and review any generated report for leaked secrets; and (4) run first on a copy or in an isolated workspace if you want extra caution.Like a lobster shell, security has layers — review code before you run it.
latestvk97fd2gr1z5pek8w2dm4jry3sd84pyq7uniappvk97exzjysykn9raq2cz5gjak2x84pazqvuevk97exzjysykn9raq2cz5gjak2x84pazq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.