Joycode
通过 shell 控制 JoyCode CLI 工具进行代码生成和 AI 辅助编程。使用场景:(1) 用户要求代码生成、代码补全或编程帮助 (2) 需要使用 AI 助手进行代码审查 (3) 需要在终端中进行交互式编程对话 (4) 需要执行自动化代码任务
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 18 · 0 current installs · 0 all-time installs
byNicholas@kangzhixing
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description describe controlling a JoyCode CLI for code generation and review, which matches the SKILL.md content. However the README-style instructions endorse global npm installation and an unrestricted 'exec --full-auto' mode that edits files — capabilities that are powerful but not explicitly scoped or constrained in the skill metadata.
Instruction Scope
The SKILL.md tells the agent to install and run joycode-cli commands that can run arbitrary natural-language tasks and a '--full-auto' mode that permits file editing. These instructions are open-ended (agent could be asked to perform wide-ranging modifications) and include interactive login and session restore; there are no in-skill guardrails or explicit limits on what files or data may be read/written or sent to remote services.
Install Mechanism
No automated install spec is included in the skill bundle, but the instructions explicitly recommend 'npm install -g joycode-cli' from the public npm ecosystem. Installing third-party npm packages globally is a common but moderate-risk action because packages can contain arbitrary code; the SKILL.md does not provide a homepage, repository, or cryptographic provenance to verify the package.
Credentials
The skill declares no required env vars or credentials, yet the instructions include 'joycode-cli login' (interactive authentication) and behaviors that persist sessions. This omission makes it unclear how credentials/tokens will be handled or stored. The CLI will likely contact remote services (exfiltration risk for source code), but no explicit env or privacy expectations are declared.
Persistence & Privilege
The skill is instruction-only, always:false, and does not request permanent platform privileges. It does not attempt to modify other skills or platform configuration in the provided instructions.
What to consider before installing
This skill is coherent with a CLI-based code assistant, but it instructs you to globally install a third-party npm package and to use an automated mode that can edit files. Before installing or running it: 1) Verify the npm package identity — check the package page, author, repository, and source code; avoid installing unknown packages globally (use a container or VM instead). 2) Inspect the package contents (bin scripts) and any network behavior in a safe environment. 3) Do not run '--full-auto' on sensitive repositories without backups and explicit review; prefer manual approval for file edits. 4) Be cautious with the 'login' step: understand where credentials are sent and how tokens are stored. 5) If you need to trust this skill, restrict its use to isolated environments and monitor network/file activity. If you want, I can list concrete checks to perform on the npm package (package.json fields to inspect, common trojan signs, how to run it in a sandbox).Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
JoyCode CLI 代码生成助手
安装
# 使用 npm 全局安装
npm install -g joycode-cli
# 验证安装
joycode-cli --version
核心命令
交互模式
# 启动交互式 TUI 界面
joycode-cli
# 带问题启动
joycode-cli "如何使用 Rust 编写一个 Hello World 程序?"
自动化模式
# 执行简单任务
joycode-cli exec "统计当前项目代码行数"
# 全自动模式(允许文件编辑)
joycode-cli exec --full-auto "为 utils.ts 编写单元测试"
会话管理
# 恢复上次会话
joycode-cli resume --last
# 通过会话 ID 恢复
joycode-cli resume <SESSION_ID>
# 打开会话列表选择
joycode-cli resume
登录认证
# 交互式登录 JoyCode 账号
joycode-cli login
斜杠命令(交互模式中使用)
| 命令 | 功能 |
|---|---|
/quit | 退出程序 |
/logout | 退出登录 |
/new | 开始新对话 |
/undo | 撤销上一步操作 |
/diff | 查看 Git 差异 |
/compact | 压缩对话历史 |
/init | 初始化 AGENTS.md |
/review | AI 代码审查 |
/approvals | 动态修改审批策略 |
常用工作流
- 代码生成:
joycode-cli exec --full-auto "为 src/main.ts 编写单元测试" - 代码审查: 在交互模式输入
/review - 项目初始化:
joycode-cli init - 恢复会话:
joycode-cli resume --last
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…