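Software Design Document Generation
v1.0.0
Automatically generates a detailed software design document from an uploaded requirements document, covering architecture, modules, interfaces, and communication protocols; key steps require user confirmation.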
⭐ 0· 137·1 current·1 all-time
by Helpu @zlq54321
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill's stated goal (generate software design docs from uploaded requirement files) matches the runtime steps (inspect inbound uploads, extract text, create project files). However the manifest declares no required binaries while the SKILL.md expects common commands (ls, mkdir, mv, unzip, touch, pdftotext, and a 'message' notifier). Also there is a path inconsistency: Step 1 lists /root/.openclaw/media/inbound/ while Step 3 uses /inbound/; clarify which inbound path is used.
Instruction Scope
Instructions operate on uploaded files in the agent's inbound directory and create directories and files under /workspace — this is expected for the task. Important behavioral details: the skill moves (mv) uploaded files (which may remove original copies), filters only files uploaded in the last 5 minutes, and will create empty project structure files. The skill requires user confirmations for key decisions (folder name, inferred tech stack, sections) which limits autonomous decisions. Verify moving vs copying behavior and retention of originals if that matters.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest risk from installation. Nothing will be downloaded or written by an installer, but the agent will perform filesystem operations at runtime as described in SKILL.md.
Credentials
No environment variables, credentials, or external service keys are requested. The skill's resource access (inbound uploads and workspace) is proportional to its purpose.
Persistence & Privilege
always is false and the skill does not request elevated or cross-skill privileges. It can be invoked autonomously by default (platform default), but the SKILL.md enforces user confirmation for critical steps which reduces risk from autonomous runs.
Assessment
This skill appears to do what it says, but check these operational details before enabling it:
- Confirm the inbound path: ask the publisher which path is authoritative (/root/.openclaw/media/inbound/ vs /inbound/) and ensure the platform's uploads live there.
- Moving vs copying: the SKILL.md uses mv — confirm whether you want originals removed from the inbound area. If you prefer to retain originals, request that the skill be changed to copy instead of move.
- Missing declared binaries: the metadata lists no required binaries but the instructions use ls, mkdir, mv, touch, unzip, pdftotext and a 'message' notifier. Ensure your environment provides these utilities and clarify what 'message' maps to (platform API or internal command).
- File retention and privacy: the skill will create files under /workspace; review permissions and retention policies for that directory and ensure no sensitive secrets are accidentally written to generated files.
- Test before trusting: run the skill on a non-sensitive sample upload to confirm behavior (file detection window, name-suggestion logic, progress messages, final file locations and sizes).
- Autonomy: although the skill asks for confirmations, it can still be invoked autonomously by the agent. If you are concerned about autonomous filesystem ops, restrict it to user-invoked only or monitor initial runs.
If the publisher can fix the path inconsistency, declare the required binaries, and document the 'message' notifier, the skill would be clearer and easier to safely audit.
