Neckr0ik Code Generator
v1.1.0Generate boilerplate code for common patterns. Creates project scaffolds, CRUD operations, API clients, database models, tests. Use when you need to quickly...
⭐ 0· 219·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the general purpose (code generator). However, the SKILL.md advertises multi-language scaffolds, API-client generation from specs, and many templates; the shipped scripts/generator.py implements mostly Python functionality and returns placeholders for other languages/ORMs. This is a capability mismatch (over-promising) but not necessarily malicious.
Instruction Scope
SKILL.md instructs running a CLI with commands like api-client --spec <url> and refers to templates in references/templates/. The included generator.py implements scaffold/crud/model/test/config primarily for Python and does not appear to implement network fetching or all advertised commands. The instructions reference files/paths (references/templates/) that are not included. The skill will write files to disk (create project dirs/files) and read source dirs when generating tests — expected for this purpose.
Install Mechanism
No install spec or external downloads. The package is instruction-plus-a-local script (scripts/generator.py). Nothing is pulled from arbitrary URLs or installed automatically, which reduces supply-chain risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code writes files and reads a source directory for tests but does not request secrets or access unrelated services in the provided code. No disproportionate credential requests were found.
Persistence & Privilege
The skill does not request persistent/always-on inclusion (always: false). It does not modify other skills or system-wide config in the visible code. It is user-invocable and can run autonomously per platform defaults — normal for skills.
What to consider before installing
This package appears to be a local code generator focused on Python, but the documentation overstates supported languages and references template directories that aren't bundled. Before installing or running: (1) inspect the full scripts/generator.py (the provided excerpt imports subprocess and is truncated — verify there are no unexpected shell executions or network calls); (2) run the tool in an isolated directory or container (do not run it in your home or a repository with sensitive files) so generated files can't overwrite important data; (3) check for the presence of the referenced references/templates/ folder and any missing commands (api-client, multi-language scaffolds) — treat claims of OpenAPI fetching or multi-language support as unimplemented until proven otherwise; (4) if you plan to run it on real projects, review generated code for security (e.g., handling of user input, secrets) and consider scanning the full source with a static analyzer. These mismatches look like sloppy documentation or an incomplete feature set rather than overt malice, but because the implementation is incomplete and the file was truncated, exercise caution.Like a lobster shell, security has layers — review code before you run it.
latestvk971dp8t3gfbyw692ef4ev4vxx82f25f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.