12 Factor Apps Analysis — 技能工具
v1.1.1perform 12-Factor App compliance analysis on a codebase
0· 66·1 当前·1 累计
by 安全扫描
OpenClaw
安全
high confidenceThe skill's requested actions and requirements match its stated purpose (analyzing a codebase for 12‑Factor compliance); it is an instruction-only skill that will read the target repository and produce findings, which is consistent with its description.
评估建议
This skill appears coherent and appropriate for auditing a repository for 12‑Factor compliance. Before running it, point it at the correct project directory (don't point it at your whole home or root filesystem), and be aware it will read all files under that path — any secrets or private config in the repository may be included in the output. Also confirm you trust the referenced helper skill `12-factor-apps` (if present) because the SKILL.md delegates search patterns to it; if that helper isn'...详细分析 ▾
✓ 用途与能力
Name and description (12‑Factor compliance analysis) match the instructions: the skill reads a codebase, runs searches, collects file:line evidence, and produces recommendations. There are no unrelated environment variables, binaries, or install steps requested.
ℹ 指令范围
The SKILL.md explicitly instructs the agent to examine the target path (default: current working directory) and produce file:line evidence using grep/search patterns. That behavior is appropriate for the stated purpose, but it means the skill will access all files in the provided directory (including any secrets or config files present). The skill also refers to another skill named `12-factor-apps` for search patterns; if that helper skill is missing or untrusted, results/behavior may be incomplete or depend on third-party logic.
✓ 安装机制
Instruction-only; no install spec, no downloads, and no code files. This is the lowest-risk install profile and matches the skill's stated purpose.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. Its request to read the repository is proportional to the analysis task.
✓ 持久化与权限
The skill is not marked always:true and model invocation is disabled (disable-model-invocation: true), so it cannot be invoked autonomously; it does not request persistent system presence or modify other skills' configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.12026/3/31
- Improved SKILL.md with detailed instructions for performing 12-Factor App compliance analysis. - Clear step-by-step workflow for systematic gap identification and evidence collection. - Defined structured executive summary and detailed findings output formats. - Added priority recommendations section for actionable improvements. - Emphasized use of file:line evidence and adherence to official methodology.
● 无害
安装命令 点击复制
官方npx clawhub@latest install 12-factor-apps-analysis
镜像加速npx clawhub@latest install 12-factor-apps-analysis --registry https://cn.clawhub-mirror.com
技能文档
概述
此技能对代码库执行 12-Factor App 架构原则的合规性分析。
使用方法
基本用法
# 分析当前目录
python analyze.py# 分析指定目录
python analyze.py /path/to/project
分析维度
该分析涵盖 12-Factor App 的各个原则:
- 代码基准 (Codebase) - 单一代码仓库
- 依赖 (Dependencies) - 显式声明依赖
- 配置 (Config) - 将配置存储在环境中
- 后端服务 (Backing Services) - 将后端服务视为附加资源
- 构建、发布、运行 (Build, Release, Run) - 严格分离构建和运行阶段
- 进程 (Processes) - 无状态进程
- 端口绑定 (Port Binding) - 通过端口绑定导出服务
- 并发 (Concurrency) - 通过进程模型扩展
- 可处置性 (Disposability) - 快速启动和优雅关闭
- 开发/生产对等 (Dev/Prod Parity) - 保持开发、预发布、生产环境一致
- 日志 (Logs) - 将日志视为事件流
- 管理进程 (Admin Processes) - 将管理任务作为一次性进程运行
输出格式
分析结果以结构化格式输出,包括:
- 执行摘要
- 详细发现
- 优先级建议
- 改进路线图
最佳实践
- 使用官方 12-Factor App 方法论作为参考
- 为每个发现提供文件:行号证据
- 按优先级排序改进建议
- 定期进行合规性检查
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制