Gen Coding Specs
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and scoped to generating Markdown coding-spec documents, with a few review-worthy notes about workspace scanning, persistent specs used by other skills, and package/template consistency.
Safe to install for its stated purpose, but review the generated docs/coding-specs files before committing or using them with code-generation skills. Also verify the installed package has the expected templates/ layout and update any weak security examples before treating the generated security spec as authoritative.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will read project structure and create or update documentation files in the workspace.
The skill tells the agent to inspect the workspace and write generated documentation files. This is expected for the stated purpose and is bounded to docs/coding-specs/.
自动扫描项目... 从 `templates/` 读取模板,按以下规则定制后写入 `docs/coding-specs/`。
Review the generated diff before committing, especially if using --force or regenerating over existing specs.
Incorrect or overly broad generated standards could steer later code generation or review behavior.
The generated Markdown is intended to become persistent context that other agent skills will trust and reuse.
`docs/coding-specs/` 是 gen-code、review-code 等技能读取规范的唯一路径
Have a human review the generated specs before allowing other skills to rely on them.
The skill may fail its own template-completeness check or require manual adjustment of template locations.
The instructions expect templates under templates/, but the provided file manifest lists coding.*.md files at the package root rather than in a templates/ directory. This looks like a packaging/layout inconsistency rather than hidden behavior.
模板与本技能同目录维护,路径:`skills/gen-coding-specs/templates/`
Confirm that the installed package contains the expected templates/ directory or update the instructions to match the actual file layout.
If copied directly into generated code, some security examples may lead to weaker implementations than intended.
The security template includes a simplified/deprecated Node.js AES-CBC example. Because these docs may guide future code generation, users should review security examples before treating them as authoritative.
const cipher = crypto.createCipher('aes-256-cbc', key);Replace simplified crypto examples with modern authenticated encryption guidance, such as AES-GCM with random nonces/IVs or a vetted KMS/library.