Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

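Vibe Coding Feasibility Assessment

Describe a feature or project, and the AI quickly assesses whether AI coding tools such as Cursor/Windsurf/Bolt can implement it independently, giving a feasibility verdict, recommended tools, a breakdown path, and risk warnings.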

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 173 · 1 current installs · 1 all-time installs
by antonia huang @antonia-sz
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose (assess whether tasks can be done with AI coding tools) reasonably requires calling an LLM. However, the package metadata declares no required env vars/credentials while the shipped script expects OPENAI_API_KEY or DEEPSEEK_API_KEY; that mismatch is unexpected and should have been declared.
Instruction Scope
SKILL.md instructs the agent to run the bundled script (scripts/evaluate_vibe.py) with a user-provided idea. The instructions themselves do not request unrelated files, but the script will transmit the idea text to an external chat/completions endpoint — user content (potentially sensitive) will leave the environment.
Install Mechanism
No install spec and no third-party downloads. The skill is instruction-only plus a local CLI script, so nothing is fetched or extracted at install time.
Credentials
The script requires a single API key (OPENAI_API_KEY or DEEPSEEK_API_KEY) and uses API_BASE defaulting to https://api.deepseek.com. The registry metadata and SKILL.md do not declare this requirement (README does mention DEEPSEEK_API_KEY), creating an undeclared secrets dependency. Sending user ideas and context to an external LLM endpoint may expose proprietary or sensitive information — the destination (deepseek.com) and its privacy policies are not documented here.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not modify other skills, and does not require system-level config changes.
What to consider before installing
This skill runs a bundled Python script that sends your idea text to an external LLM API and requires an API key — but the skill metadata did not declare that requirement. Before installing or running:
1) Review scripts/evaluate_vibe.py (you already have it) and confirm you are comfortable sending the kinds of ideas you will query to the default API_BASE (https://api.deepseek.com) or whichever endpoint you set.
2) If you have sensitive or proprietary ideas, do not provide them unless you trust the endpoint and its privacy/retention policy.
3) Provide an API key you control (prefer OPENAI_API_KEY if you prefer OpenAI) rather than reusing high-privilege or long-lived credentials.
4) Ask the publisher to update the skill metadata to list the required env var(s) and document the default API endpoint and privacy expectations.
5) If unsure, run the script in a sandbox or with non-sensitive example prompts first.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk974gs5eggrk8zfhjmk3bc8ned82jetm


SKILL.md

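Vibe Coding Feasibility Assessment ⚡

What you can do

Describe the feature or project you want to build, and I will help you assess:

  • Can it be completed independently with AI tools such as Cursor / Windsurf / Bolt?
  • Which tool is best suited to this task?
  • How can it be broken down into subtasks the AI can handle?
  • Where are you most likely to get stuck, so you know in advance?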

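Usage

Quick question

Build a Chrome extension that analyzes Xiaohongshu comments. Can it be done with vibe coding?

Detailed description

I want to build:
- A web tool where the user uploads an Excel file, the data is cleaned automatically (deduplication, formatting, filling missing values), and a preview is generated for download
- No restrictions on the tech stack
- I have basic Python knowledge
Can vibe coding get this done?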

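Assessment dimensions

| Dimension | Description |
| --- | --- |
| Technical complexity | Is the logic clear, or does it require deep domain knowledge? |
| Context length | Can it fit into the AI's context window in a single pass? |
| External dependencies | Do the third-party APIs/SDKs have complete documentation? |
| Debugging difficulty | Can the AI fix itself when errors occur? |
| Frontend/backend difficulty | Which layer is better suited to vibe coding? |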

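Output format

## Assessment verdict

✅ Can be implemented independently with vibe coding
(or ⚠️ Requires partial human intervention / ❌ Pure vibe coding not recommended)

## Recommended tools
- Primary: Cursor (complex logic)
- Secondary: v0.dev (UI prototyping)

## Breakdown path
1. Step 1: Generate the UI framework with v0 (1 hour)
2. Step 2: Implement the Excel parsing logic with Cursor (2 hours)
3. Step 3: ...

## ⚠️ Risk warnings
- Excel formats vary widely with many edge cases; the AI may miss some formats
- Performance optimization for large files requires human intervention

## 💡 Practical advice
[Specific prompting strategies or caveats]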

Tool invocation

exec: python3 SKILL_DIR/scripts/evaluate_vibe.py --idea "功能描述"

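Vibe Coding tool reference

| Tool | Best for | Limitations |
| --- | --- | --- |
| Cursor | Complex full-stack projects, projects with a large amount of code | Requires some coding knowledge to review |
| Windsurf | Fully automated builds from zero to one | Very long projects easily get out of control |
| Bolt / StackBlitz | Pure frontend, prototype demos | Not suitable for complex backends |
| v0.dev | React UI generation | UI only, no business logic |
| Replit AI | Quick demos, scripts | Not suitable for large projects |
| Claude Code | Complex refactoring, tasks that require understanding the whole codebase | Requires a terminal environment |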

Files

3 total