Superpowers (OpenClaw)
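v1.0.0
Provides systematic AI programming workflow support, including test-driven development, code review, refactoring, documentation generation, and automated acceptance testing.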
⭐ 0 · 892 · 2 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the SKILL.md: it documents an AI programming workflow framework (TDD, review, refactor, docs). No unrelated capabilities, env vars, or binaries are requested.
Instruction Scope
SKILL.md tells the user to clone or symlink a GitHub repo into a local plugin directory (~/.continue/plugins/superpowers) and references platform-specific install commands. It does not instruct reading unrelated system files or requesting credentials, but it does direct the agent/user to fetch and install external code.
Install Mechanism
There is no automated install spec in the registry; installation is manual via git clone or platform-specific plugin install. Cloning from a GitHub repo is a common install method but will write external code to disk and may introduce arbitrary code — validate the repo and contents before installing.
Credentials
No environment variables, secrets, or config paths are requested. The skill does not ask for credentials or access to unrelated services.
Persistence & Privilege
always:false and no install-time scripts declared. The SKILL.md suggests installing a plugin into a user plugin directory (normal for editor/agent plugins) but does not request system-wide privileges or modify other skills.
Assessment
This skill is an instruction-only wrapper pointing you to an external GitHub plugin. Before installing: (1) verify the GitHub URL and owner are legitimate (check commits, stars, issues, and repo history); (2) inspect the repository contents (especially install scripts, config.json, and any binaries) for unexpected network calls or post-install hooks; (3) if possible, install and test in a sandbox or non-production environment; (4) avoid granting credentials or running unknown installers on servers. The skill itself does not request secrets, but cloning and running external plugin code can execute arbitrary actions, so validate the upstream source before proceeding.
Like a lobster shell, security has layers — review code before you run it.
Tags: ai, claude, coding, latest, programming
