ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CLI Scaffold Generator

v1.0.0

生成专业 CLI 脚手架,支持 Commander.js, yargs, oclif 等主流 CLI 框架,一键生成完整项目结构。

0· 374·2 current·2 all-time
by@sunshine-del-ux
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README/description claims support for multiple CLI frameworks (commander, yargs, oclif, ink) and flag-style invocation (--framework, --description). The included cli-scaffold-generator.sh implements only a simple positional-argument generator that always emits a Commander-based template and always lists 'commander' and 'chalk' in dependencies regardless of chosen framework. That mismatch between claimed capabilities and actual code is inconsistent with the stated purpose.
Instruction Scope
SKILL.md contains only innocuous usage examples and no requests for secrets or system paths. The provided shell script creates files and sets an executable bit in the current directory (expected for a scaffold generator). It does not access network endpoints or environment variables. However, SKILL.md shows flag-style usage that the script does not implement (positional args only), which is misleading.
Install Mechanism
No install spec is present and the skill is 'instruction-only' with one helper shell script. Nothing is downloaded or extracted from external URLs, so there is no extra install-time risk.
Credentials
No credentials, config paths, or environment variables are requested. The script does not attempt to read unrelated files or secrets.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It writes only to a subdirectory named by the provided project name (normal for a scaffold generator).
What to consider before installing
This package is inconsistent rather than obviously malicious, but you should not run it blindly. Specific points to check before using: (1) inspect cli-scaffold-generator.sh — it always generates a Commander.js template (contrary to the SKILL.md), and package.json unconditionally includes commander and chalk; (2) the generated JavaScript contains a syntax error (extra closing parenthesis in 'new Command());') that will break the scaffolded CLI; (3) SKILL.md shows flag-style CLI options, but the script expects positional arguments — the interfaces are mismatched; (4) run the script only in an isolated directory or container to avoid unexpected file writes, and consider fixing the script (syntax error and framework selection logic) or using a vetted generator instead; (5) if you plan to execute generated package scripts (npm install, npm publish), review package.json and node scripts first. If you want higher assurance, ask the author for an updated implementation that actually implements framework selection, corrects the JS syntax, and documents exact usage.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🖥️ Clawdis
clivk97c46ssamt4m4km8a14cbhr9n8251hxcommandervk97c46ssamt4m4km8a14cbhr9n8251hxgeneratorvk97c46ssamt4m4km8a14cbhr9n8251hxlatestvk97c46ssamt4m4km8a14cbhr9n8251hxscaffoldvk97c46ssamt4m4km8a14cbhr9n8251hx
374downloads
0stars
1versions
Updated 4h ago
v1.0.0
MIT-0
@sunshine-del-ux
clicommandergeneratorlatestscaffold
Download

CLI Scaffold Generator

快速生成专业的 CLI 应用程序脚手架。

功能

  • ⚡ 快速生成项目结构
  • 📝 支持多种 CLI 框架
  • 🎯 完整的命令模板
  • 📖 自动生成帮助文档
  • 🧪 测试模板
  • 📦 发布到 npm

支持的框架

框架说明流行度
Commander.jsNode.js CLI 标准⭐⭐⭐⭐⭐
yargs参数解析强大⭐⭐⭐⭐
oclifSalesforce 出品⭐⭐⭐⭐
InkReact-based CLI⭐⭐⭐

使用方法

基本用法

# 使用 Commander 生成 CLI
cli-scaffold-generator my-cli --framework commander

# 使用 yargs
cli-scaffold-generator my-tool --framework yargs

# 指定描述
cli-scaffold-generator my-app --framework commander --description "My awesome CLI tool"

选项

选项说明
--framework, -fCLI 框架 (commander/yargs/oclif/ink)
--description, -d项目描述
--author作者名称
--output, -o输出目录

生成的项目结构

my-cli/
├── bin/
│   └── my-cli.js       # 入口文件
├── lib/
│   └── command.js       # 命令实现
├── test/
│   └── index.test.js   # 测试文件
├── package.json
├── README.md
└── .gitignore

包含的功能

  • ✅ 命令行参数解析
  • ✅ 帮助信息自动生成
  • ✅ 子命令支持
  • ✅ 选项和标志
  • ✅ 错误处理
  • ✅ 彩色输出

示例输出

package.json

{
  "name": "my-cli",
  "version": "1.0.0",
  "description": "My awesome CLI tool",
  "bin": {
    "my-cli": "./bin/my-cli.js"
  },
  "scripts": {
    "test": "jest"
  }
}

入口文件

#!/usr/bin/env node
const { Command } = require('commander');
const program = new Command();

program
  .name('my-cli')
  .description('My awesome CLI tool')
  .version('1.0.0');

program
  .command('greet')
  .description('Greet someone')
  .argument('<name>', 'Name to greet')
  .action((name) => {
    console.log(`Hello, ${name}!`);
  });

program.parse();

本地测试

cd my-cli
npm link
my-cli greet World

发布到 npm

npm login
npm publish

变现思路

  1. CLI 工具模板 - 销售专业 CLI 模板
  2. 定制开发 - 为企业定制 CLI 工具
  3. 培训课程 - CLI 开发教程
  4. 工具库 - 收集常用 CLI 工具打包出售

安装

# 无需额外依赖

Comments

Loading comments...