首页 / 技能 / verification-before-completion — 完成前验证

📦 verification-before-completion — 完成前验证

v2.56.1

在声明“测试通过”“Bug 已修复”“完成”“可合并”或交接前,强制要求提供最新验证证据,确保交付质量。

0· 177·0 当前·0 累计
by @iliaal (Ilia Alshanetsky)
测试工具开发工具安全工作流
下载技能包
最后更新
2026/4/18
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
安全
high confidence
NULL
评估建议
This skill is coherent and does what it claims: it will run verification commands and inspect the repository before allowing a completion claim. Before installing, be aware that (1) the agent will need access to the working tree and to tools like git, ripgrep (rg), and whatever test/build tools your project uses — the SKILL.md does not list binaries but expects them to exist; (2) running tests/builds can exercise code that calls external services or reads environment secrets (database credential...
详细分析 ▾
用途与能力
Name/description (enforce fresh verification before completion) aligns with the SKILL.md: it tells the agent to run verification commands (build/typecheck/lint/test/security/diff), inspect VCS state, and confirm scope before edits. The enabled actions are appropriate for the stated goal.
指令范围
The instructions require running repository commands (git status, git log, diff), test/build commands (pytest, npm test, etc.), grepping the tree (rg), and potentially invoking health endpoints (curl localhost). These are consistent with verification but do grant the agent the ability to read the working tree and run arbitrary verification commands — which can touch many files and may exercise code paths that depend on external services or secrets. The SKILL.md does not attempt to read unrelated system files or exfiltrate data; scope is narrowly about repo verification, but users should be aware that running tests/builds can cause network calls or access environment secrets configured for those commands.
安装机制
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written to disk by an installer — low install risk.
凭证需求
The skill declares no required environment variables or credentials, which is appropriate. However, because it instructs running build/test/security commands, those commands may in practice read service credentials, CI tokens, or other environment secrets present in your environment. The skill itself does not explicitly request or transmit secrets.
持久化与权限
always:false and no special persistence or configuration changes are requested. The skill does not ask to modify other skills or system-wide agent settings. Model invocation is allowed (platform default) which is appropriate for an enforcement/checking skill.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv2.56.12026/4/7

NULL

无害

安装命令

点击复制
官方npx clawhub@latest install compound-eng-verification-before-completion
镜像加速npx clawhub@latest install compound-eng-verification-before-completion --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库