ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Laizy

v0.3.0

Orchestrate repo-native, supervised software delivery with the Laizy CLI. Use when a user wants to bootstrap or continue a multi-step coding run with explici...

0· 131·0 current·0 all-time
by@xiaolonggao521

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xiaolonggao521/laizy.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Laizy" (xiaolonggao521/laizy) from ClawHub.
Skill page: https://clawhub.ai/xiaolonggao521/laizy
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: laizy
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install laizy

ClawHub CLI

Package manager switcher

npx clawhub@latest install laizy
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requirements: the skill delegates to a 'laizy' CLI, and the install record creates a 'laizy' binary from the GitHub npm package. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md is limited to supervising Laizy CLI workflows (start-run, supervisor-tick), reading local run artifacts, steering planner/implementer workers, and running verification commands emitted by Laizy. This is appropriate for a control-plane tool, but be aware the instructions explicitly tell the agent to run verification commands and to perform repository actions (commit/push) as directed by Laizy output — so trust in the laizy binary and review emitted artifacts before executing actions that modify or push repo state.
Install Mechanism
Install is a node package pulled from GitHub (package: github:XiaolongGao521/Laizy) which creates a 'laizy' binary. This is expected for a CLI distributed via npm/GitHub, but installing code from a third-party GitHub repo is a moderate-risk operation compared to instruction-only skills. Verify the upstream project before installing.
Credentials
No environment variables, credentials, or config paths are required by the skill. Repo push/commit behavior will use existing user git credentials, which is consistent with the tool's purpose.
Persistence & Privilege
Skill does not request always:true, does not declare system-wide config modifications, and is user-invocable. It does not demand persistent privileges beyond the installed CLI binary.
Assessment
This skill is a control-plane wrapper around an external CLI (laizy). Before installing or running: 1) Inspect and trust the upstream GitHub repo (XiaolongGao521/Laizy) because the npm install will run third-party code. 2) When supervising runs, review any generated 'supervisor' artifacts and the verification commands before executing them — the skill explicitly instructs the agent to run emitted commands and to commit/push; those actions can change your repo. 3) No extra credentials are requested by the skill itself, but repository push operations will use your existing git credentials, so ensure your environment is secure. If you want lower risk, run Laizy manually in an isolated environment or audit the package source before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🪄 Clawdis
Binslaizy

Install

Install Laizy CLI from GitHub (npm)
Bins: laizy
npm i -g github:XiaolongGao521/Laizy
latestvk973pnt6abgmerp5ved2fqpcqs83vwnr
131downloads
0stars
2versions
Updated 1mo ago
v0.3.0
MIT-0
@xiaolonggao521
latest
Download

Laizy

Use Laizy as the control plane around existing coding agents, not as a replacement for them.

Core workflow

  1. Create or refresh a local milestone plan file for the target repo.
    • Use a local IMPLEMENTATION_PLAN.md by convention.
    • Keep it out of git unless the user explicitly wants it committed.
    • If the repo does not have actionable milestones yet, use the planner-needed bootstrap template in {baseDir}/references/planner-bootstrap.md.
  2. Bootstrap the run once with laizy start-run.
  3. Use laizy supervisor-tick as the source of truth for every later decision.
  4. Read the emitted bundle and follow the bounded next action instead of improvising the next step in chat.

Commands

Bootstrap a run:

laizy start-run \
  --goal "<user goal>" \
  --plan IMPLEMENTATION_PLAN.md \
  --out state/runs/<run-name>.json

Evaluate the next action:

laizy supervisor-tick \
  --snapshot state/runs/<run-name>.json \
  --out-dir state/runs/<run-name>.supervisor

Decision map

Read {baseDir}/references/decision-map.md for the full artifact map. The short version is:

  • plan / replan
    • Read the emitted planner.request document.
    • Spawn or steer a planner worker to author/repair the plan.
    • If the run was bootstrapped in needs-plan mode, re-run start-run after the planner lands the first actionable milestone queue.
  • continue
    • Read the emitted implementer contract.
    • Execute exactly one bounded milestone.
  • recover
    • Read the emitted recovery plan.
    • Resume safely without widening scope.
  • verify
    • Run the emitted verification command.
    • Record the result before marking a milestone complete.
  • closeout
    • Disable or pause the watchdog.
    • Stop the loop.

Runtime-profile rules

Use the runtime profile emitted by Laizy when spawning planner, implementer, recovery, or verifier workers.

  • Prefer the selected model, thinking, and reasoningMode when the platform allows them.
  • If the exact model is rejected by account policy, fall back to an allowed model while preserving the same bounded contract and intended thinking level.
  • In shared/group chat surfaces, keep reasoning visibility conservative by default.

Repo hygiene

Treat generated run artifacts as local state:

  • keep state/runs/ out of git
  • keep state/verification/ out of git
  • keep generated .tgz files out of git
  • keep local maintainer plan files out of git unless the user explicitly wants them committed

References

  • Read {baseDir}/references/decision-map.md for emitted artifact names and what to do for each supervisor decision.
  • Read {baseDir}/references/planner-bootstrap.md when you need a clean planner-needed starting point for a new multi-step run.

Comments

Loading comments...