by 安全扫描
OpenClaw
安全
medium confidenceThe skill is internally consistent with its stated purpose — it is an instruction-only architecture 'compiler' that relies on running local repo tools and manipulating git repositories; however, running the referenced local helper scripts carries the usual risk if the compiler repo isn't trusted, so verify provenance before executing them.
评估建议
This skill is coherent for its stated purpose, but it relies on running code from a local compiler repository. Before using it: 1) verify the compiler repo provenance (confirm the GitHub homepage, inspect the repo contents); 2) open and review ~/.codex/arch-compiler/tools/archcompiler_preflight.py (and related tools) so you know what will run; 3) run the helper in an isolated environment or container if the repo is untrusted; 4) ensure you understand and consent to the skill writing compiled art...详细分析 ▾
✓ 用途与能力
Name/description (compile architecture patterns, produce reproducible artifacts) match the SKILL.md instructions: reading canonical patterns/schemas, running a preflight helper, and writing compiled spec artifacts into the application repo. No unrelated credentials, binaries, or installs are requested.
ℹ 指令范围
Instructions ask the agent to read repo documentation (AGENTS.md, schemas/, patterns/) and to run a local preflight Python helper (archcompiler_preflight.py) and use git; these are appropriate for a compiler workflow but do require executing code from the local compiler repo and reading/writing files in the application repo. The skill does not instruct broad data exfiltration or access to unrelated system config, but executing unverified local scripts is a risk that users must accept.
✓ 安装机制
No install spec or external downloads — instruction-only. That minimizes installation risk; however the workflow assumes the compiler repo is installed in a persistent local path, and the agent will run tools from that repo.
✓ 凭证需求
No environment variables, credentials, or config paths are requested beyond local repo paths (e.g., ~/.codex/arch-compiler or ~/.claude/arch-compiler). The requested access is proportional to the stated purpose.
✓ 持久化与权限
always is false and the skill does not request persistent elevated privileges or to modify other skills. It does assume a persistent install path for the compiler repo, which is reasonable for a local toolset.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/4/11
- Added homepage metadata and Openclaw integration for improved discoverability. - Version bump to 1.0.1; no user-facing functional or workflow changes. - No changes to the skill’s logic or workflow.
● 可疑
安装命令 点击复制
官方npx clawhub@latest install compiling-architecture
镜像加速npx clawhub@latest install compiling-architecture --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制