📦 Anti-Pattern Czar — 修复TS异常模式

v1.0.0

扫描TypeScript代码库，自动识别静默异常、错误吞噬等反模式，提供一键修复并支持状态持久化与审批流，保障错误处理健壮可追踪。

0· 596·0 当前·0 累计

by @glucksberg (Glucksberg)

开发工具代码生成安全测试工具

下载技能包

最后更新

2026/2/25

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

medium confidence

NULL

评估建议

This skill appears to be a coherent code-scanning/fix assistant, but there are a couple of important unknowns you should resolve before installing or running it on important repositories: - Clarify the `bunx antipattern-czar` dependency. The SKILL.md expects an external command but the skill declares no required binary or install. Ask the author: where does `antipattern-czar` come from (npm package name, GitHub repo, release URL)? Will bunx fetch code at runtime? If so, you are granting the age...

详细分析 ▾

ℹ 用途与能力

The name/description (detect and fix TypeScript error-handling anti-patterns, with state and approval workflows) matches the SKILL.md workflows: scanning, review, auto-fix, state persistence, and reporting. However, the SKILL.md expects an external runtime command (`bunx antipattern-czar`) but the skill declares no required binaries or install spec — this mismatch is unexpected and should be clarified.

✓ 指令范围

Instructions explicitly direct the agent to read project source, parse code contexts, propose and apply edits, and read/write a state file at the project root. Those actions are consistent with the stated purpose (code scanning and in-place fixes). There are no instructions to read unrelated system files, access secrets, or transmit code to external endpoints in the provided content.

⚠ 安装机制

This is an instruction-only skill (no install spec). Yet SKILL.md tells the agent to run `bunx antipattern-czar`. That implies either (a) a binary/package must already exist in the environment, or (b) bunx will fetch and run code from a registry at runtime. The skill provides no declaration of this dependency or source for `antipattern-czar`, which is an installation/ supply-chain ambiguity and a potential execution-of-untrusted-code risk.

✓ 凭证需求

The skill requests no environment variables, credentials, or config paths beyond a project-local `.anti-pattern-state.json`. That is proportionate for a code-modifying linter/repair tool. No unrelated secrets or broad system config access is requested.

ℹ 持久化与权限

The skill persists state to a project-local `.anti-pattern-state.json` and writes edits to source files as part of normal operation. It is not force-installed (always:false). The combination of write-edit capability plus autonomous invocation (platform default) means users should be careful about allowing the skill to run in auto/fix-all modes — the skill can modify repository files, which is intended but potentially impactful if misconfigured.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/2/19

NULL

● 无害

安装命令

点击复制

官方npx clawhub@latest install anti-pattern-czar

镜像加速npx clawhub@latest install anti-pattern-czar --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库