Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Super Dev Pipeline

v2.3.0

Super Dev pipeline governance: research-first, commercial-grade AI coding delivery with 10 expert roles, quality gates, and audit artifacts.

by SYHUB @shangyankeji
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description, declared required binary (super-dev), the listed Tools and the SKILL.md all describe a dev pipeline/governance system and consistently require a local super-dev CLI. Reading project knowledge files and producing output docs is coherent with the stated purpose.
Instruction Scope
Instructions mandate reading local project knowledge (knowledge/, output/*, .super-dev state files) and enforce quality gates and manual confirmation — all reasonable for a pipeline. The skill (and its Tools) also allow running arbitrary CLI commands via super_dev_run, and the agent is expected to perform network research when not offline. That broad host-level capability is consistent with a dev tool but increases risk if the underlying CLI or plugin is malicious or misconfigured.
Install Mechanism
Install spec points to a package install (labelled 'pip install super-dev') rather than an arbitrary download; this is more traceable than a direct URL but still involves installing third‑party code from a package registry (moderate risk). No suspicious download URLs or archive extracts are present in the spec.
Credentials
The skill declares no required environment variables, credentials, or config paths beyond needing the super-dev binary. The files and instructions reference only project-local paths, which are proportionate to a pipeline/governance tool.
Persistence & Privilege
always:false and normal model invocation mean the skill is not force-included and does not request elevated platform privileges. It does instruct installing a plugin and using the local CLI, which is normal for this class of tool and confined to its own scope.
Assessment
This skill appears internally consistent for a local dev pipeline: it expects a local 'super-dev' CLI and operates on project files and outputs. Before installing or enabling it, do the following: (1) Verify the source and authenticity of the 'super-dev' package (inspect the PyPI/package repo, check maintainer and release history). (2) Review what the installed super-dev binary and the @super-dev OpenClaw plugin actually do (read their code or run in a sandbox) because the Skill grants the agent the ability to run CLI commands and access project files. (3) Avoid placing secrets or cloud credentials in knowledge/ or output/ directories the skill will read. (4) Consider running the package in an isolated environment (container or VM) first. If you cannot inspect the super-dev package or plugin source, treat activation as higher risk.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

Bins: super-dev

Install

pip install super-dev
Bins: super-dev

SKILL.md

Super Dev - AI Development Governance Skill

pip install super-dev
openclaw plugins install @super-dev/openclaw-plugin

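Positioning

  • Plugin: the bridge; it registers 13 Tools with OpenClaw, and each Tool calls the local super-dev CLI
  • Skill: guides the OpenClaw Agent to work according to the governance protocol, ensuring that no step of the process is skipped
  • CLI: the core governance engine, providing workflow orchestration, quality gates, and audit artifacts

OpenClaw Agent is responsible for: model invocation, web search, file reads and writes, code generation.
Super Dev is responsible for: process standards, quality gates, design constraints, delivery standards.

Trigger

When the user enters /super-dev <需求> or super-dev: <需求> (where <需求> is the requirement text), pipeline mode starts.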

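Knowledge Base Contract (Mandatory)

Before each phase begins, the project knowledge base must be checked and read:

  1. Read the knowledge files in the knowledge/ directory that are relevant to the current phase
  2. Read output/knowledge-cache/*-knowledge-bundle.json (if it exists)
  3. Standards in the knowledge base = hard constraints (must be followed)
  4. Checklists in the knowledge base = gates (every item must pass)
  5. Anti-patterns in the knowledge base = prohibited items (must be avoided)
  6. Read the "Knowledge Push" ("知识推送") section in output/*-ai-prompt.md (contains phase constraints and anti-patterns)

Phase-to-knowledge-domain mapping:

  • research/docs → product, architecture, design, security
  • frontend → frontend, design, development (filtered by tech stack)
  • backend → backend, data, security (filtered by tech stack)
  • quality → testing, security, operations

Pipeline (using the Plugin Tools)

Step 1: Start the pipeline

Call the super_dev_pipeline Tool: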
  description: "用户的需求描述"
  frontend: "react"
  backend: "node"

Outputs: output/*-research.md, output/*-prd.md, output/*-architecture.md, output/*-uiux.md

Step 2: Document confirmation gate (mandatory pause)

The three core documents are complete. Please review and confirm.
Call the super_dev_review Tool:
  type: "docs"
  status: "confirmed"
  comment: "用户已确认"

No coding without confirmation.

Step 3: Spec creation

Call the super_dev_spec Tool:
  action: "propose"
  changeId: "feature-name"
  title: "功能标题"
  description: "功能描述"

Step 4: Frontend implementation

The OpenClaw Agent implements the frontend according to output/*-uiux.md and tasks.md, then verifies it:

Call the super_dev_run Tool:
  command: "run frontend"

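Step 5: Preview confirmation gate (mandatory pause)

Ask the user to preview the frontend. If they are not satisfied, rework the UI.

Step 6: Backend implementation

The OpenClaw Agent implements the backend plus tests.

Step 7: Quality check

Call the super_dev_quality Tool: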
  type: "all"

A score of >= 80 is required to continue. If the score falls short, fix the issues and rerun.

Step 8: Deployment configuration

Call the super_dev_deploy Tool:
  cicd: "github"
  docker: true

Step 9: Delivery

Call the super_dev_release Tool:
  action: "proof-pack"

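Tool quick reference

Tool | Purpose | Key parameters
super_dev_pipeline | Start the full pipeline | description, frontend, backend
super_dev_init | Initialize a project | name, frontend, backend
super_dev_status | View status |
super_dev_quality | Quality gate | type: all/code/prd
super_dev_spec | Spec management | action: list/propose/validate
super_dev_review | Gate confirmation | type: docs/ui/architecture
super_dev_release | Release management | action: readiness/proof-pack
super_dev_expert | Expert consultation | role: PM/ARCHITECT/SECURITY...
super_dev_deploy | Deployment configuration | cicd, docker, rehearsal
super_dev_analyze | Project analysis |
super_dev_doctor | Environment diagnostics | host
super_dev_config | Configuration management | action: list/get/set
super_dev_run | General command | command: any CLI command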

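First response

When the user first triggers the skill, reply:

Super Dev pipeline activated.

Current phase: research
Order: research → three documents → confirmation → Spec → frontend → backend → quality → delivery
Pauses for confirmation once the three documents are complete.

Starting...

Then immediately call the super_dev_pipeline Tool.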

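Mandatory UI rules

  • No emoji used as functional icons
  • No purple/pink gradients as the primary visual
  • Design Tokens must be defined before pages are implemented
  • Components need complete states (hover/focus/loading/empty/error)

Rework

Scenario | Action
UI not satisfactory | Update uiux.md → redo the frontend → super_dev_review type:ui status:confirmed
Architecture change | Update architecture.md → sync tasks → super_dev_review type:architecture status:confirmed
Quality below threshold | Fix → super_dev_quality → super_dev_review type:quality status:confirmed

Recovery

super_dev_status             → view the current status
super_dev_run command:"run --resume"  → resume from the point of interruption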

System Flow Contract

  • PHASE_CHAIN: research>docs>docs_confirm>spec>frontend>preview_confirm>backend>quality>delivery
  • DOC_CONFIRM_GATE: required
  • PREVIEW_CONFIRM_GATE: required
