📦 Aegis Quality Guardian — AI质量守护
v1.4.0AI全栈开发质量守护者,采用合约驱动、设计优先的五层防护:设计→合约→代码→测试→运行时,为AI生成代码提供实时缺陷拦截、规范校验与可追溯审计,确保每一次迭代都安全、可靠、可维护。
1· 151·0 当前·0 累计
by 下载技能包
最后更新
2026/3/31
安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do what it says: it will scan your repo and create guardrail files (contracts/, .aegis/, pre-commit hook, CI workflows, docker-compose) and run common tools (npx, python3/pip). Before installing/running: review the scripts (especially init-project.sh and setup-guardrails.sh), run them in a copy or disposable branch first, and confirm you are comfortable with added files and the pre-commit hook (you can bypass commits with --no-verify). Note that type generation uses npx/pip...详细分析 ▾
✓ 用途与能力
Name/description (contract-first guardrails for AI development) matches the provided scripts and templates: detect-stack, init-project, setup-guardrails, contract validation and type generation. The resources requested (filesystem access, project files) are expected for this purpose; no unrelated cloud credentials or unexpected binaries are required.
ℹ 指令范围
SKILL.md and the scripts instruct the agent to scan the entire repository (package.json, tsconfig, Dockerfiles, docs/designs/, contracts/) and to read/write project files (.aegis/, contracts/, .git/hooks, .github/workflows). This is appropriate for a guardrails tool but is intrusive: it will create files, install pre-commit hooks, and add CI workflows. The scripts also run generation/validation commands (npx, python3/pip) when invoked — review before running in a sensitive repo.
✓ 安装机制
There is no external install spec for the skill itself (instruction-only). The included scripts rely on common package managers (npx/openapi-typescript, pip/pyyaml) and standard public images in docker-compose. There are no downloads from personal servers, URL shorteners, or IP addresses. The scripts may auto-install Python package pyyaml (pip) or run npx which fetches npm packages on demand — expected for type generation but worth noting.
✓ 凭证需求
The skill declares no required environment variables or credentials. Scripts generate docker-compose files with default 'test' DB credentials for local integration testing (e.g., POSTGRES_USER/POSTGRES_PASSWORD=test) — these are default test values and not secret exfiltration. No broad or unrelated secret access is requested.
✓ 持久化与权限
The skill does write files into the project (templates, .aegis scripts, pre-commit hook, CI config) and installs a pre-commit hook if .git is present; this is consistent with its stated role. It does not request platform-level 'always' inclusion nor modify other skills. Installing hooks/CI is invasive by design but proportionate.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.4.02026/3/27
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install aegis-quality-guardian
镜像加速npx clawhub@latest install aegis-quality-guardian --registry https://cn.longxiaskill.com