Say goodbye to non-standard code: let AI be your code-quality guardian

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a benign code-quality assistant, but it reads the local project structure and reuses project-level custom rules and remembered feedback as high-priority context, so review those settings before relying on it.

This skill is reasonable for code-style enforcement and review. Before installing, inspect any `.coderules.json` in the project, avoid running the analyzer against unrelated or private directories, and be aware that several advertised framework and language rule files are missing from the supplied package.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The assistant may read project metadata and enumerate source structure before generating or reviewing code.

Why it was flagged

The skill directs the agent or user to inspect local project files and optionally run the included analyzer. This is central to the stated code-rules purpose, and the included script shows bounded local reads, but it is still local project access that users should be aware of.

Skill content
Before generating any code, first analyze the project's tech stack: read package.json... check configuration files... check the distribution of source-file extensions... you can run node scripts/analyzer.js [project path]
Recommendation

Run it only against the intended project path and review any proposed file changes before applying them.

ASI06: Memory and Context Poisoning
Low
What this means

A stale or unreviewed project rule could steer future generated code in unexpected ways.

Why it was flagged

Project-supplied custom rules and remembered feedback are intended features, but they become high-priority context: with user-defined rules at priority 100 and custom rules at 90, a stale or tampered entry outranks the shipped defaults and steers future code generation.

Skill content
Users can create `.coderules.json` in the project root to override the default rules... Priority: user-defined (100) > custom rules (90)... The AI will remember feedback and apply it automatically the next time it generates code
Recommendation

Review `.coderules.json` in unfamiliar repositories, keep feedback project-specific, and avoid putting secrets or sensitive business logic into reusable rules.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

For some advertised languages and frameworks, the assistant may lack the detailed rule files it claims to apply and will fall back to incomplete guidance.

Why it was flagged

The rule index references several rule files that are not included in the supplied file manifest, while SKILL.md advertises support for those stacks.

Skill content
rust -> languages/rust.json; java -> languages/java.json; nuxt -> frameworks/nuxt.json; django -> frameworks/django.json; springboot -> frameworks/springboot.json
Recommendation

Verify or add the missing rule files before relying on this skill for Rust, Java, Nuxt, Django, or Spring Boot projects.