by 安全扫描
OpenClaw
安全
high confidenceThe skill's code, templates, and runtime instructions are coherent with its stated purpose of generating a .ai-context knowledge base; no evidence of credential requests, network exfiltration, or unrelated capabilities was found — but note a minor runtime mismatch (the included script expects the Bun runtime while the skill metadata declares no required binaries).
评估建议
This skill appears to be what it says: a generator for a .ai-context knowledge base. Before installing or running it, do the following:
- Inspect scripts/generate.ts yourself (it is included) and run it in a sandbox or review its behavior; it uses only fs/path and template rendering in the copy provided.
- Ensure you have the runtime required to run the script (the script uses a Bun shebang). Either install Bun or run the script via an appropriate Node/TS workflow; the registry metadata should ...详细分析 ▾
ℹ 用途与能力
The skill's name, README, SKILL.md, templates, and scripts all align: they generate a .ai-context directory and read project files (README.md, package.json, AGENTS.md, docs/, source tree) to produce documentation. One inconsistency: the shipped script (scripts/generate.ts) uses a Bun shebang and TypeScript, so a Bun/Node runtime is effectively required to run the automation — but the skill's registry metadata lists no required binaries. This is likely an omission rather than malicious, but it is a capability/requirement mismatch the user should be aware of.
✓ 指令范围
SKILL.md explicitly instructs the agent to read local project files (AGENTS.md, README.md, package.json, docs/, source tree) and to generate docs from templates. All referenced actions are within the project scope and relevant to creating a knowledge base. There are no instructions to read unrelated system files, environment variables, or to transmit data to external endpoints.
ℹ 安装机制
No install spec is provided (instruction-only), which minimizes risk. However, the included script is executable (#!/usr/bin/env bun) and expects Bun to run; the absence of a declared runtime/install step or required-binaries entry is an operational gap. There are no downloads or external install URLs in the files reviewed.
✓ 凭证需求
The skill does not request any environment variables, credentials, or config paths. The files and templates likewise do not reference secrets or external service tokens. Requested file reads are limited to project-local files and templates, which is proportionate to the described function.
✓ 持久化与权限
The skill is not configured as always-on and does not request persistent system privileges or attempt to modify other skills or global agent settings. It creates/updates files under a project-local .ai-context directory, which is appropriate for its purpose.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/16
Version 1.0.0 - Initial release of the “ai-context-generator” skill. - Generates structured, tiered project knowledge bases for AI coding agents. - Includes clear activation triggers, generation process, writing guidelines, and file roles. - Provides templates and automation script scaffolding for maintainable documentation. - Reference guide and maintenance best practices included.
● 无害
安装命令
点击复制官方npx clawhub@latest install ai-context-generator
镜像加速npx clawhub@latest install ai-context-generator --registry https://cn.longxiaskill.com 镜像可用