📦 Cline Programming — AI代码生成

v1.0.6

一键调用 Cline AI 编程助手，采用 plan-check-act 流程：先规划代码，再人工检查，最后自动执行，支持 --verbose 实时查看进度，让开发更高效可控。

0· 110·0 当前·0 累计

by @touchdeeper (庄庭达)

开发工具代码生成 AI模型访问工作流

下载技能包

最后更新

2026/4/5

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

The skill is coherent with a CLI wrapper for the Cline tool, but it repeatedly encourages an automatic 'approve-and-run' mode (--yolo) and instructs inspecting local config files (which may contain API keys), which is risky and not properly constrained.

评估建议

This skill is a documentation wrapper for the external 'cline' CLI and appears to do what it says, but it repeatedly recommends using the '--yolo' automatic-approval flag which will run generated code without interactive review — this is the primary risk. Before installing or using the skill: 1) Avoid using --yolo for anything beyond trivial, well-audited tasks; always inspect plan-*.md and generated code before running 'act'. 2) Do not 'cat' or share ~/.cline/config.json unless you understand w...

详细分析 ▾

✓ 用途与能力

Name/description match the content: this is an instruction-only skill that tells the agent how to use the 'cline' CLI to generate (plan), review (check), and execute (act) code. The included test script exercises the same CLI commands. No unrelated binaries, env vars, or installs are requested.

⚠ 指令范围

The SKILL.md instructs use of --yolo (automatic approval) by default for both plan and act steps and shows examples that run plan and then act non-interactively. That grants the Cline CLI permission to execute generated code without manual review. The doc also suggests cat'ing ~/.cline/config.json for debugging which could expose stored API credentials. The 'check' step is described but in practice examples and test script default to auto-approve, reducing the practical safety of the workflow.

✓ 安装机制

No install spec is provided (instruction-only). The test script only checks for an existing 'cline' command and directs to install via npm if missing. This is a low-risk, expected pattern for a CLI-invocation skill.

ℹ 凭证需求

The skill requests no environment variables or credentials itself. However, it relies on the user's Cline configuration (~/.cline/config.json or system keychain) which may contain API keys. The skill's instructions encourage viewing that config, which could expose secrets if followed without care. The lack of explicit credential handling is coherent but still presents an implicit secret-access risk.

✓ 持久化与权限

always:false and no special privileges requested. The skill is user-invocable and can be called autonomously per platform defaults, which is normal. It does not try to modify other skills or system-wide settings.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.62026/4/5

更新版本更新记录，包含完整的版本历史

● 可疑

安装命令

点击复制

官方npx clawhub@latest install cline-programming

镜像加速npx clawhub@latest install cline-programming --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库