Augment Code
v1.0.0Augment Code AI 编程助手,精通企业级代码理解、大型代码库导航、上下文感知补全
⭐ 0· 93·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (enterprise code-augmentation, repository indexing, context-aware completions) match the content of SKILL.md. The skill declares no binaries, env vars, or install steps beyond recommending a VS Code extension, which is coherent for a documentation-only skill.
Instruction Scope
SKILL.md describes scanning repositories, building indexes, performing cross-repo analysis, autonomously locating/modifying files and running tests. However, the file does not include concrete runtime commands, paths, or requests to read unrelated system files or secrets. The described agent-mode behaviors are broad and would require the agent or external tools to have filesystem and execution privileges; the skill text itself does not grant or request those privileges.
Install Mechanism
No install spec or code files are present; the SKILL.md simply points users to install a VS Code extension via the marketplace. Because nothing is downloaded or executed by the skill bundle itself, there is low install risk in this package.
Credentials
The skill declares no required environment variables, credentials, or config paths. The document does tell the user to 'register an Augment account' and 'authorize access to code repositories' — reasonable for a real product but outside the scope of this skill bundle. If a user later provides credentials to an external vendor or a VS Code extension, those actions are external to this skill and should be verified with the vendor.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system presence. It does describe an autonomous 'agent mode' capability, but the SKILL.md itself does not install background services or modify other skills or system-wide settings.
Assessment
This package is an instruction-only description of a product — there is no code in the skill bundle itself. Before installing or giving repository access to any third-party tool described here: 1) verify the publisher and the exact VS Code extension ID (confirm 'augment.augment-vscode' is a legitimate vendor entry in the Marketplace); 2) read the extension/vendor privacy and data-flow docs to confirm whether code is indexed locally or uploaded to a remote service; 3) limit the extension/agent permissions (grant only necessary repo access and avoid giving broad credentials or secret permissions); 4) require code review and backups before allowing any autonomous file modifications or test execution; and 5) if you need on-prem/private indexing, confirm the vendor supports fully local/private deployment and request architectural details. Because this skill is documentation-only, there is low inherent risk in the bundle itself, but the real risk comes from following its external installation/authorization steps without vetting the vendor.Like a lobster shell, security has layers — review code before you run it.
latestvk978td04ppj2h664w5fgj9xsp983dtzd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.