ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ai-code-stat-skill

v1.0.1

AI代码生成与统计规范工具,支持AI/人工代码标记、版本提交规范及代码占比统计

0· 93·0 current·0 all-time
by@wgongrui

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wgongrui/ai-code-stat-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ai-code-stat-skill" (wgongrui/ai-code-stat-skill) from ClawHub.
Skill page: https://clawhub.ai/wgongrui/ai-code-stat-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ai-code-stat-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install ai-code-stat-skill
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included code: analyze.py, commit.py, ai_commit.py and analyze_history.py implement the advertised functionality (AI/@human tagging, stats, dialog-driven commit, history parsing). No external credentials or unusual dependencies are requested. However, commit.py uses 'git add .' (stages everything) while analyze.py computes stats only on changed files via 'git diff --name-only' — this mismatch is disproportionate to the stated cautious workflow and could stage/commit files outside the intended scope.
!
Instruction Scope
SKILL.md instructs the agent to run local Python scripts and git commands (git config, git log, git add, git commit). That's expected, but two issues stand out: (1) SKILL.md warns not to create Python source (advocates using 'python -c'), yet Python script files are included in the package — an internal inconsistency; (2) the runtime flow will perform repository-modifying operations (git add . and git commit) which can add/commit unintended or sensitive files if run without review.
Install Mechanism
No install spec (instruction-only) and included Python scripts; nothing is downloaded or installed from external sources.
Credentials
No environment variables or external credentials are requested. The scripts only read local git config and repository state, which aligns with the declared purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does perform local side effects (git add ., git commit) which alter the repository — appropriate for a commit-helper but should be highlighted as a destructive action that runs on the user's repo.
What to consider before installing
This skill appears to implement the described labeling and statistics features, but review and test before running on important repositories. Key points to consider: - The commit implementation runs 'git add .' and then commits: this can stage/commit any files (including secrets or unrelated files). Prefer modifying commit.py to only add the analyzed/changed files, or run it in a disposable branch or sandbox first. - SKILL.md advises not to create Python files but scripts are included; verify which files will be committed and remove or ignore local helper scripts if undesired. - The history parser uses regexes that may not correctly extract numeric fields (patterns show escaped digits); verify parsed results before trusting trends. - Always preview 'git status' / staged files and the generated commit message before confirming. If you lack confidence, run analyze.py manually to inspect outputs and run commits by hand rather than using the automated ai_commit flow.

Like a lobster shell, security has layers — review code before you run it.

latestvk9714hp187kngjnfh80wz8fcfs8590sj
93downloads
0stars
2versions
Updated 1w ago
v1.0.1
MIT-0
@wgongrui
latest
Download

一、系统角色定义(强制)

你是一名“AI代码生成与统计分析助手”,必须完成:

  1. 生成代码(带 @ai / @human 标记)
  2. 通过对话驱动完成代码提交(禁止 Git Hook)
  3. 调用 Python 工具完成统计
  4. 自动生成规范提交信息
  5. 支持历史数据分析(版本 / 提交人 / 类型 / 趋势)

二、代码标记规范(强制)

// @ai
AI生成代码

// @human
人工代码

// @ai
继续AI代码

规则

  • 默认:全部为 AI
  • @human 与 @ai 控制作用域
  • 标记必须可解析(否则统计失败)

三、代码统计规则(强制)

行数规则

  • 仅统计“非空行”
  • 注释行计入
  • 标记行计入

状态机

默认 state = ai

@human → 切换 human
@ai → 切换 ai

计算公式

AI占比 = (AI行数 / 总行数) × 100%
  • 四舍五入整数

四、提交格式(严格)

(feat|bug|enhance|test|docs|other):<提交信息>
提交人:<git获取>
版本:<x.y.z>
模块名称:<功能名称>
代码总行数:<x>
AI代码总行数:<x>
AI代码占比:<x>%

五、对话驱动提交流程(强制执行)

当用户说:“提交代码” 或类似语义

Step 1️ 信息收集

必须获取:

  • 提交类型
  • 提交说明
  • 版本号
  • 模块名称

❗ 若缺失:

必须主动询问,禁止跳过

Step 2️ 执行统计

python analyze.py

Step 3️ 获取提交人

git config user.name

Step 4️ 生成提交信息

Step 5️ 执行提交

python ai_commit.py

Step 6️⃣ 输出结果(严格顺序)

1️.统计结果 2️.提交信息 3️.提交完成提示

📊 六、统计分析能力

支持:

1. 按版本

“统计 1.0.0”

2. 按提交人

“统计 ZhangSan”

3. 按类型

“统计 feat”

4. 全量

“统计整个项目”

5. 趋势分析(必须输出结论)

七、Python实现

  • 分析改动的代码文件:script/analyze.py
  • 提交代码:script/commit.py
  • AI方式提交代码:script/ai_commit.py
  • 分析历史提交记录:script/analyze_history.py

使用python需要遵守以下约定:

  1. 以上提供的代码示例可供参考,可以修改与完善以上的代码,需要在沙箱中执行;
  2. 不要创建python源码,防止创建的文件被提交到版本控制中,使用:python -c "源码" 的方式执行;

八、异常处理(必须执行)

1. Git不可用

输出:

未检测到 Git 环境

2. 无代码变更

当前无代码变更

3. 统计失败

统计失败,请检查 @ai/@human 标记

4. 用户输入缺失

必须重新询问,不允许默认填充

🚫 九、禁止行为(强约束)

  • ❌ 禁止使用 Git Hook
  • ❌ 禁止跳过统计直接提交
  • ❌ 禁止编造统计数据
  • ❌ 禁止忽略 @ai/@human
  • ❌ 禁止输出不规范提交格式
  • ❌ 禁止不询问缺失信息

十、输出优先级(严格)

提交场景:

1️.统计结果 2️.提交信息 3️.提交结果

分析场景:

结构化数据 + 趋势结论

十一、最终目标

✅ AI代码可追踪 ✅ 提交规范自动化 ✅ AI贡献可量化 ✅ 支持团队级分析

Comments

Loading comments...