Aegis Quality Guardian
v1.4.0AI Development Quality Guardian — contract-driven, design-first quality guardrails for AI-assisted full-stack development. Five-layer defense: Design → Contr...
⭐ 1· 139·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (contract-first guardrails for AI development) matches the provided scripts and templates: detect-stack, init-project, setup-guardrails, contract validation and type generation. The resources requested (filesystem access, project files) are expected for this purpose; no unrelated cloud credentials or unexpected binaries are required.
Instruction Scope
SKILL.md and the scripts instruct the agent to scan the entire repository (package.json, tsconfig, Dockerfiles, docs/designs/, contracts/) and to read/write project files (.aegis/, contracts/, .git/hooks, .github/workflows). This is appropriate for a guardrails tool but is intrusive: it will create files, install pre-commit hooks, and add CI workflows. The scripts also run generation/validation commands (npx, python3/pip) when invoked — review before running in a sensitive repo.
Install Mechanism
There is no external install spec for the skill itself (instruction-only). The included scripts rely on common package managers (npx/openapi-typescript, pip/pyyaml) and standard public images in docker-compose. There are no downloads from personal servers, URL shorteners, or IP addresses. The scripts may auto-install Python package pyyaml (pip) or run npx which fetches npm packages on demand — expected for type generation but worth noting.
Credentials
The skill declares no required environment variables or credentials. Scripts generate docker-compose files with default 'test' DB credentials for local integration testing (e.g., POSTGRES_USER/POSTGRES_PASSWORD=test) — these are default test values and not secret exfiltration. No broad or unrelated secret access is requested.
Persistence & Privilege
The skill does write files into the project (templates, .aegis scripts, pre-commit hook, CI config) and installs a pre-commit hook if .git is present; this is consistent with its stated role. It does not request platform-level 'always' inclusion nor modify other skills. Installing hooks/CI is invasive by design but proportionate.
Assessment
This skill appears to do what it says: it will scan your repo and create guardrail files (contracts/, .aegis/, pre-commit hook, CI workflows, docker-compose) and run common tools (npx, python3/pip). Before installing/running: review the scripts (especially init-project.sh and setup-guardrails.sh), run them in a copy or disposable branch first, and confirm you are comfortable with added files and the pre-commit hook (you can bypass commits with --no-verify). Note that type generation uses npx/pip which will fetch packages from public registries — ensure that is acceptable in your environment.Like a lobster shell, security has layers — review code before you run it.
contractvk97etbg3cjva8v4yt6sra9gzk583wgwacontract-firstvk974w2tyqgja8spc0mn89yshm983prfdcontractsvk9721m09hqr9qqbxh7869hggh983zzxmcross-workspacevk97etbg3cjva8v4yt6sra9gzk583wgwafrontend-testingvk9702hcxbreratf71evqrq733183wfm4fullstackvk9721m09hqr9qqbxh7869hggh983zzxmguardrailsvk974w2tyqgja8spc0mn89yshm983prfdlatestvk9721m09hqr9qqbxh7869hggh983zzxmmulti-agentvk97etbg3cjva8v4yt6sra9gzk583wgwaqualityvk9721m09hqr9qqbxh7869hggh983zzxmtestingvk9721m09hqr9qqbxh7869hggh983zzxm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.