Security Scan
OpenClaw
Safe
High confidence: This instruction-only 'Project Bootstrap' skill is internally consistent with its stated purpose, requests no credentials or installs, and contains no obvious incoherent or risky instructions.
Assessment and Recommendations
This skill appears coherent and low-risk: it only contains guidance for scaffolding projects and asks for no credentials. Before using it, verify the target path you pass so the agent only creates/modifies intended directories; confirm whether templates will be fetched from remote sources (the SKILL.md is silent about template origins) and prefer offline/local templates if you want to avoid network fetches; note the metadata shows author 'RedHat Dev' while the registry owner ID differs—this could be an innocuous labeling...
✓ Purpose and Capability
Name/description (bootstrap projects with structure and validation) match the SKILL.md content. The inputs, steps, validation, and outputs are appropriate for a scaffolding/bootstrap tool and do not request unrelated capabilities.
✓ Instruction Scope
Runtime instructions are scoped to creating a project tree, configuring lint/test, producing .env.example, README, and running local validation commands. The SKILL.md explicitly says not to touch globals and not to include real secrets. It does not instruct the agent to read unrelated system files, other skills' tokens, or exfiltrate data.
✓ Install Mechanism
There is no install spec and no code files; the skill is instruction-only, so nothing will be downloaded or written by an install step. That is the lowest-risk install posture for this purpose.
✓ Credential Requirements
The skill declares no required environment variables, credentials, or config paths. That is proportional to a local scaffolding/bootstrapper which should not need secrets or external credentials.
✓ Persistence and Privilege
always is false and the skill is user-invocable. It does not request permanent presence or system-wide changes. The safety rules in SKILL.md explicitly forbid modifying global tooling unless explicitly requested.
Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Version
latest v1.0.0 2026/4/24
Initial release of project-bootstrap skill:
- Bootstraps new projects with standardized, validated structure.
- Supports multiple project types and technology stacks.
- Scaffolds core directories (src, tests, config, docs) and safe config defaults.
- Adds linting, formatting, and test setup tailored to repo conventions.
- Outputs file tree, key commands, and configuration contract.
- Enforces safety: no secrets, no global tool changes, no auto-deploys.
● Benign
Install Command
Official: npx clawhub@latest install axodus-project-bootstrap
Mirror: npx clawhub@latest install axodus-project-bootstrap --registry https://cn.longxiaskill.com (mirror available)
Skill Documentation
Purpose
Initialize a new project with a predictable structure, quality gates (lint/test), and safe configuration defaults.
When to Use
- Starting a new service/app/library.
- Creating a new package inside a monorepo.
- You need a repeatable baseline for contributors/CI.
Inputs
- project_type (required, enum: backend|frontend|library|contract|cli).
- stack (required, string): e.g., "node-ts", "python-fastapi", "nextjs".
- name (required, string): project/package name.
- path (required, string): target directory.
- constraints (optional, string[]): repo rules, linting, deployment constraints.
Steps
- Confirm target directory and ensure it is safe to create/modify.
- Select a template that matches repo conventions; prefer minimal dependencies.
- Scaffold project structure (src/tests/config/docs).
- Configure:
.env.example), never real secrets
- Add a README with:
- Run deterministic validation commands (install + test + build).
Validation
- Project builds/runs locally (basic smoke check).
- Tests execute and pass (even if minimal).
- No secrets or machine-specific paths are committed.
Output
- Created file tree
- Commands to run (install, dev, test, build)
- Configuration contract (env vars and defaults)
Safety Rules
- Never modify global tooling on the machine unless explicitly requested.
- Pin versions where the repo requires it.
- Do not auto-deploy; bootstrap is local by default.
Example
Bootstrap a TS backend: project_type: backend, stack: node-ts
- Output: apps/api/ with pnpm test and pnpm dev working.