📦 agent-native-architecture — 智能体原生架构

v2.56.1

将智能体作为一等公民构建应用，专为设计自主智能体、MCP 工具或自修改智能体循环架构而生，让系统具备自我演化与自治能力。

0· 166·0 当前·0 累计

by @iliaal (Ilia Alshanetsky)

智能体开发工具自动化工作流代码生成

下载技能包

最后更新

2026/4/18

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

NULL

评估建议

This package is primarily a detailed design/playbook for building agent-native systems and is largely coherent with its stated purpose. However, the documentation contains examples and patterns that assume agents will be allowed to write code, edit system prompts, commit/push to git, and self-deploy — capabilities that require high privileges and credentials. The scanner also flagged prompt-injection patterns (e.g., 'ignore previous instructions', 'system prompt override') inside the doc set, wh...

详细分析 ▾

✓ 用途与能力

The name/description (agent-native architecture) matches the included content: many reference docs about parity, file/workspace patterns, execution loops, testing, and self-modification. The files and instructions are consistent with a design/playbook rather than an implementation that needs credentials or installs.

⚠ 指令范围

The SKILL.md instructs the agent to read bundled reference docs and then 'apply those patterns to the user's specific context.' Several referenced docs explicitly describe patterns for agents to write files, commit/push code, self-deploy, and modify system prompts. The pre-scan detected prompt-injection patterns (e.g., 'ignore-previous-instructions', 'system-prompt-override') inside the documentation. Combined, this yields an open-ended instruction set that could be used to recommend or automate actions that alter agent/system behavior or code—scope creep that warrants caution.

✓ 安装机制

No install spec and no code files to execute. Instruction-only skill — nothing is written to disk by the skill package itself, so installation risk is minimal.

⚠ 凭证需求

The skill declares no required environment variables or credentials. However, its guidance frequently presumes granting agents access to .env, git, deploy tokens, system prompts, and write access to source (src/*.ts). Although not requested explicitly by the skill, the documentation encourages granting high-privilege credentials in real deployments — a disproportionate recommendation relative to merely reading a design guide.

⚠ 持久化与权限

Skill flags do not request 'always:true', and it's user-invocable/autonomous-invocation remains platform default. Still, the content strongly encourages long-lived agents, checkpointing, and self-modification patterns. If you enable autonomous invocation or grant agents permission to change system prompts or push code, the blast radius increases. The combination of self-modification guidance + potential privileges is a risk vector to consider.

⚠ references/action-parity-discipline.md:248