by 安全扫描
OpenClaw
安全
high confidenceThe skill's instructions and requirements are consistent with its stated purpose of read-only codebase analysis and do not request unrelated credentials or install steps.
评估建议
This skill appears coherent and only asks the agent to read and analyze code; it does not request credentials or install software. Before enabling: (1) confirm the agent will only have read access to the target repository and not broader host files, (2) avoid running it on repos that contain secrets or credentials (remove or mask sensitive files first), and (3) review any analysis outputs before sharing them, since they could include snippets from the codebase. If you need stricter controls, run...详细分析 ▾
✓ 用途与能力
Name and description match the SKILL.md: the skill's goal is to inspect a local codebase and explain structure, entry points, dependencies, call paths, and data flow. It does not declare unrelated binaries, env vars, or install steps.
✓ 指令范围
SKILL.md explicitly limits actions to reading/analyzing code and states 'do not change code.' It focuses on reading repo files (directory structure, imports/exports, call chains) and marking unknowns. It does not instruct the agent to read unrelated system files, credentials, or to transmit data externally.
✓ 安装机制
This is an instruction-only skill with no install spec and no code files to execute. Nothing is written to disk or downloaded by the skill itself.
✓ 凭证需求
The skill requests no environment variables, credentials, or config paths. Its requested access (read-only access to the repository files) is proportionate to its stated purpose. Note: while the skill itself doesn't request secrets, analysis of a repo that contains secrets could reveal them in outputs.
✓ 持久化与权限
always is false and there are no install hooks or behavior that would modify agent/system configuration. The skill does not request permanent presence or permissions beyond runtime read access to the codebase.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/4/6
initial release
● 无害
安装命令 点击复制
官方npx clawhub@latest install code-explore
镜像加速npx clawhub@latest install code-explore --registry https://cn.clawhub-mirror.com
技能文档
先把代码库看清楚,再谈修改。
工作流
- 先看与需求相关的目录结构、依赖文件、配置文件和构建入口。
- 确认运行时、框架、主入口和关键启动路径。
- 只基于已经读过的文件梳理 import、export、调用链或事件流。
- 找出状态、模型、存储、外部服务和配置边界。
- 结论必须有代码依据;没读到的部分就明确写“不确定”。
- 使用本技能时不改代码,只做分析。
关注点
- 与当前问题直接相关的目录结构
- 入口文件和关键配置
- 核心模块及其职责
- 关键函数、处理器与调用关系
- 从输入到副作用或输出的数据流
输出
- 相关目录结构
- 入口与配置摘要
- 核心模块说明
- 关键函数和调用关系
- 简短的数据流说明
- 未确认项与假设
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制