by 安全扫描
OpenClaw
安全
high confidenceThis instruction-only 'Project Bootstrap' skill is internally consistent with its stated purpose, requests no credentials or installs, and contains no obvious incoherent or risky instructions.
评估建议
This skill appears coherent and low-risk: it only contains guidance for scaffolding projects and asks for no credentials. Before using it, verify the target path you pass so the agent only creates/modifies intended directories; confirm whether templates will be fetched from remote sources (the SKILL.md is silent about template origins) and prefer offline/local templates if you want to avoid network fetches; note the metadata shows author 'RedHat Dev' while the registry owner ID differs—this coul...详细分析 ▾
✓ 用途与能力
Name/description (bootstrap projects with structure and validation) match the SKILL.md content. The inputs, steps, validation, and outputs are appropriate for a scaffolding/bootstrap tool and do not request unrelated capabilities.
✓ 指令范围
Runtime instructions are scoped to creating a project tree, configuring lint/test, producing .env.example, README, and running local validation commands. The SKILL.md explicitly says not to touch globals and not to include real secrets. It does not instruct the agent to read unrelated system files, other skills' tokens, or exfiltrate data.
✓ 安装机制
There is no install spec and no code files; the skill is instruction-only, so nothing will be downloaded or written by an install step. That is the lowest-risk install posture for this purpose.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. That is proportional to a local scaffolding/bootstrapper which should not need secrets or external credentials.
✓ 持久化与权限
always is false and the skill is user-invocable. It does not request permanent presence or system-wide changes. The safety rules in SKILL.md explicitly forbid modifying global tooling unless explicitly requested.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/24
Initial release of project-bootstrap skill: - Bootstraps new projects with standardized, validated structure. - Supports multiple project types and technology stacks. - Scaffolds core directories (src, tests, config, docs) and safe config defaults. - Adds linting, formatting, and test setup tailored to repo conventions. - Outputs file tree, key commands, and configuration contract. - Enforces safety: no secrets, no global tool changes, no auto-deploys.
● 无害
安装命令
点击复制官方npx clawhub@latest install axodus-project-bootstrap
镜像加速npx clawhub@latest install axodus-project-bootstrap --registry https://cn.longxiaskill.com