AI 项目评估助手
描述一个项目想法,AI 从市场/技术/商业/风险四个维度系统评估, 输出评估报告、竞品速查、MVP建议,帮你决策「值不值得做」。
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 175 · 1 current installs · 1 all-time installs
byantonia huang@antonia-sz
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code and SKILL.md align with the stated purpose: they call an LLM to generate an evaluation report. However, the skill metadata declares no required environment variables or primary credential while both the README and the script expect an API key (OPENAI_API_KEY or DEEPSEEK_API_KEY). That omission is an incoherence that can mislead users about what secrets are needed.
Instruction Scope
SKILL.md instructs running the included script; the script only takes the idea/context and writes an output file. It does not read unrelated local files. But the script reads environment variables for API credentials and an API base URL — the SKILL.md does not explicitly warn that you'll need to provide an API key or that the key will be sent to the configured API_BASE.
Install Mechanism
No install spec and only a small Python script are included. There is no network installer or archive download. Risk from installation is low.
Credentials
The script requires an LLM API key (OPENAI_API_KEY or DEEPSEEK_API_KEY) and will send it as a Bearer token to API_BASE. The skill metadata does not declare this required credential (primaryEnv none). Additionally, the default API_BASE is https://api.deepseek.com — an unfamiliar third-party domain. If a user sets OPENAI_API_KEY expecting requests to OpenAI, that key would be sent to deepseek.com unless API_BASE is changed, which could leak credentials to an unexpected endpoint.
Persistence & Privilege
The skill has no 'always' privilege and does not request persistent system-wide configuration. It does not modify other skills or system settings.
What to consider before installing
This skill runs a local Python script that sends your project text and a Bearer API key to an LLM HTTP endpoint (default: https://api.deepseek.com). Before installing or using it: (1) Inspect the code (you already have it) and confirm you trust the API_BASE domain. (2) Do not set your production OPENAI_API_KEY unless you intend that key to be sent to the configured API_BASE; prefer creating a dedicated key for this tool or set API_BASE to your trusted provider. (3) Update or ask the publisher to include the required env vars (OPENAI_API_KEY/DEEPSEEK_API_KEY) in the skill metadata so users are not surprised. (4) If unsure about the endpoint, run the script in a sandboxed environment or monitor outbound network calls. These mismatches (undocumented required creds and an unfamiliar default API host) are why this is rated 'suspicious' rather than 'benign.'Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
AI 项目评估助手 🔍
你能做什么
描述你的项目想法(一句话到几段话都行),我从四个维度帮你做系统评估:
📊 市场维度 — 需求真实吗?竞品有哪些?差异化在哪? 🔧 技术维度 — 技术可行吗?主要挑战是什么?推荐技术栈? 💰 商业维度 — 怎么挣钱?怎么获客?变现难度如何? ⚠️ 风险维度 — 主要风险点?平台依赖?法规合规?
使用方式
快速评估
帮我评估这个项目:做一个帮用户批量管理微信好友的工具,可以按标签分组、定时发朋友圈、分析互动数据
详细评估(提供更多信息)
项目名称:xxx
目标用户:xxx
核心功能:xxx
资源约束:1个人,业余时间,3个月
请帮我做项目评估
输出格式
## 📊 综合评分
| 维度 | 评分 | 简评 |
|------|------|------|
| 市场需求 | 8/10 | 需求真实,竞品多 |
| 技术可行性 | 9/10 | 实现难度低 |
| 商业价值 | 6/10 | 变现路径不清晰 |
| 风险程度 | 4/10 | 平台风险高 |
| **综合** | **6.8/10** | |
## 🏆 市场维度
...
## 🔧 技术维度
...
## 💰 商业维度
...
## ⚠️ 风险维度
...
## 🚀 竞品速查
1. 竞品A — 主要功能、优缺点
2. 竞品B — ...
## 💡 MVP 建议
...
## 📋 结论
值得做 / 谨慎 / 不建议
工具调用
exec: python3 SKILL_DIR/scripts/evaluate_project.py \
--idea "项目描述" \
--output /tmp/eval_report.md
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…