📦 Claude Code Framework — 智能体框架
v1.0.0基于 Claude Code 核心的 Agent 执行框架,内置权限预检、上下文预算监控与可插拔 Hook,让智能体开发更安全、灵活、高效。
0· 105·0 当前·0 累计
by 下载技能包
最后更新
2026/4/4
安全扫描
OpenClaw
安全
medium confidenceNULL
评估建议
This skill is internally coherent and implements what it advertises, but review before enabling: 1) provenance/licensing: SKILL.md claims the code comes from a leaked Claude Code release — confirm legal/ethical sourcing before use; 2) hooks: the HookManager allows arbitrary handlers at many lifecycle points (including pre_agent_spawn and pre_send_message) — only register handlers you trust and audit their code/logging behavior; 3) executors: executeTool is unimplemented in the framework and a ho...详细分析 ▾
ℹ 用途与能力
The code files (handler, risk-classifier, context-budget, hook-manager) implement the described features (permission pre-checks, context budget, hook points). There are no unrelated env vars, binaries, or install actions requested. However the SKILL.md repeatedly claims the code is extracted from leaked Claude Code sources — a provenance/licensing concern that is outside technical coherence but important for risk/legal review.
ℹ 指令范围
SKILL.md instructions stay within the stated purpose (how to run the framework, commands, hooks, and examples). The hook system intentionally allows arbitrary handlers at many lifecycle points (pre_tool_call, pre_agent_spawn, pre_send_message, etc.), which is expected for a framework but grants broad ability to run custom logic; that increases the attack surface if untrusted handlers are registered. The core executor's executeTool is intentionally unimplemented (throws), meaning the framework itself is scaffolding and will not execute system tools until a host implements that method—this reduces immediate risk but also means a future implementer could wire it to powerful tool(s).
✓ 安装机制
No install spec and no downloads; the skill is instruction/code-only. Nothing in the manifest performs remote installs or writes to disk during install, which is the lowest-risk install posture.
ℹ 凭证需求
The skill requests no environment variables or credentials (proportional). It does define rules that classify network, git, and exec operations (curl, wget, git push) as requiring approval; the framework itself does not request credentials but is designed to mediate operations that, when wired to real tool executors, may need external credentials. You should ensure any integrations (git, network, exec) are gated and that credentials are provided only to trusted executors.
✓ 持久化与权限
always:false and no system-wide config paths are requested. The framework registers and executes hooks (its own internal state), but it does not modify other skills or system settings. Autonomous invocation is allowed by platform default — combined with the hook power this is a normal but important consideration (see user guidance).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/4
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install claude-code-framework
镜像加速npx clawhub@latest install claude-code-framework --registry https://cn.longxiaskill.com