Claude Code Master
v1.0.1Claude Code 终极使用指南 - 涵盖上下文工程、规范驱动开发、Hooks 回调、Sub Agents、Output Styles、SuperClaude 框架等高级技巧。当用户需要:1) 提升 Claude Code 编程效率,2) 省 Token 技巧,3) Spec-driven 开发,4) 多 A...
⭐ 1· 83·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Claude Code tips, hooks, sub-agents, output styles, SuperClaude) match the included SKILL.md, README, and reference docs. Included scripts (init-project.py, create-output-style.py) are consistent with the stated purpose of initializing projects and creating output styles.
Instruction Scope
The runtime instructions instruct creating hooks that write results to /tmp/claude-code-hooks/latest.json and POST a wake event to http://127.0.0.1:18789/api/cron/wake. They also recommend populating environment variables like OPENCLAW_TOKEN and describe copying/ running third‑party installers (e.g., SuperClaude.git). This is expected for the described Hooks/Dispatch workflow, but the instructions will create files under ~/.claude and /tmp and may capture arbitrary CLAUDE_OUTPUT content (which might include secrets) — review hook scripts before using them and ensure the target wake endpoint is local/trusted.
Install Mechanism
There is no automated install spec; this is instruction-only with two utility scripts included. The README suggests cloning/running third‑party installers (SuperClaude), but those are explicit manual steps rather than hidden installs. Because nothing is auto-downloaded by the skill at install time, install risk is low — but following the README's manual git clone/run steps pulls external code and should be treated normally.
Credentials
The skill references environment variables (OPENCLAW_TOKEN, CLAUDE_* variables, and in docs ANTHROPIC_API_KEY etc.) and instructs users to export OPENCLAW_TOKEN, but the skill's declared metadata lists no required env vars. This is a metadata mismatch (documentation expects tokens) rather than a clear malicious mismatch — you should not supply a token until you understand where it is sent and that the wake endpoint is trusted. Hooks will include CLAUDE_OUTPUT (arbitrary content) in latest.json.
Persistence & Privilege
always is false and the skill does not request system-wide privileges in metadata. The guidance creates files under ~/.claude and /tmp and suggests adding env vars to shell rc files; those are normal for a local tooling workflow. No hidden always-on behavior is requested.
Assessment
This skill appears to be what it says: a comprehensive Claude Code workflow and hooks guide. Before you install or run any scripts: 1) Inspect the hook scripts (~/.claude/hooks/* and the included templates) — they write CLAUDE_OUTPUT into /tmp and POST to a wake endpoint; verify that endpoint is truly local and trusted. 2) Do not set OPENCLAW_TOKEN or other tokens globally until you confirm how/where they are used; consider using a token with limited scope or testing with a dummy token first. 3) Review any third‑party repo (e.g., SuperClaude) before cloning/running install.sh. 4) Be aware hook output may contain secrets or sensitive content (credentials, code snippets) — sanitize outputs or restrict what the agent can access. 5) Run included scripts (init-project.py, create-output-style.py) in a safe/test directory first to see their exact effects.Like a lobster shell, security has layers — review code before you run it.
latestvk9782yx6nege5scy7nv4y3xxgn84e93h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.