Dev Tools

v1.0.0

开发工具箱，提供规范管理、预提交检查、错误诊断、技术债务跟踪、代码差异对比、重构建议、依赖分析等开发辅助功能。

⭐ 0· 95·0 current·0 all-time

byLiu Feng@lf951515851

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (dev toolbox: spec, pre-commit, diagnose, debt, diff, refactor, dep) match the provided files (SKILL.md, prompt.md, README) and the included boundary-check script. Nothing in the bundle requires unrelated cloud credentials or system-level access.

ℹ

Instruction Scope

SKILL.md and prompt instruct the agent to scan the codebase (Java, frontend, JS/TS files, XML, etc.), run checks, and write reports under docs/. That scope is appropriate for a repo-analysis dev tool. Note: the included script reads repository files broadly and will write findings to docs/... reports; it also references an optional env var AI_SPECKITS_STRICT and respects PROJECT_ROOT if set (neither declared in registry metadata). These are reasonable but worth noting because they affect behavior.

✓

Install Mechanism

Instruction-only skill with no install spec. The shell script optionally calls madge if present, but the skill doesn't force downloads or create executables. Low install risk.

ℹ

Credentials

The skill declares no required environment variables or credentials. The script optionally honors PROJECT_ROOT and AI_SPECKITS_STRICT (undocumented in registry metadata). It scans repository files and may record code, SQL snippets, or internal API URLs into local reports — this is expected for a code-analysis tool but means reports can contain sensitive repository content. No network exfiltration is present in the files.

✓

Persistence & Privilege

always is false and the skill has no install or persistent agent privileges. It writes report files into the repository (docs/...), which is expected and limited in scope. It does not modify other skills or system-wide agent settings.

Assessment

This skill appears to do what it says: scan your codebase and produce local reports and recommendations. Before installing or running it, consider: 1) it will read your entire repository and write reports to docs/, so avoid running on repos with secrets you don't want copied into report files; 2) it references PROJECT_ROOT and an optional AI_SPECKITS_STRICT env var (not declared in metadata) — you can set or omit these to control behavior; 3) the script will attempt to use madge if installed (recommended for cycle detection) but will skip it otherwise. If you need stricter guarantees, inspect the generated report files and run the script in a safe/test checkout first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974q6ffar35xmd597nqmgfnrs83t8hv

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Dev Tools

License

Comments