📦 Documentation-Accurate Code Generation — 文档级精准代码
v1.0.0在生成代码前先加载官方文档,校验 API 签名与参数,杜绝幻觉式错误,确保每一行代码都与真实接口保持一致。
0· 583·0 当前·0 累计
by @tobisamaa下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceThe skill's description (doc-driven codegen) is reasonable, but several requirements and instructions don't line up (an unexplained BRAVE_API_KEY, an incorrect axios install/binary claim, and hard-coded references to a user-local OpenClaw docs path), so you should verify the author’s intent before installing.
评估建议
Do not install yet. Ask the publisher to: (1) explain why BRAVE_API_KEY is required and what the key will be used for; (2) correct the install metadata (axios is a library—there should not be an 'axios' binary unless the author provides a real CLI) or provide a trustworthy install URL; (3) remove or justify the hard-coded local docs path (C:\Users\clipp\...) and declare any config paths the skill needs; (4) state whether the skill will read arbitrary local files or send any documentation off-hos...详细分析 ▾
⚠ 用途与能力
The declared required binaries (curl, jq, git) are plausible for fetching and parsing docs, but the required environment variable BRAVE_API_KEY does not relate to code generation or documentation fetching and is unexplained. The install spec claims to install an npm package 'axios' and create a binary named 'axios' — axios is a JS library (not normally a CLI binary), so the install metadata is inconsistent with the stated purpose.
⚠ 指令范围
SKILL.md instructs the agent to read local OpenClaw internal docs at a hard-coded Windows user path (C:\Users\clipp\AppData\Roaming\npm\node_modules\openclaw\docs) and to use tools like 'read', 'web_fetch', and 'exec'. However the skill declares no required config paths, and that exact local path is user-specific and unexpected. The instructions therefore request reading local files and executing local tooling without declaring or justifying that access.
⚠ 安装机制
The only install entry is an npm install of 'axios' that claims to create a binary named 'axios'. This is likely incorrect: axios is a library, not a CLI distributed as a binary. Misdeclared install metadata may indicate sloppy packaging or a mistaken/unsafe install step; no other install sources are provided. Overall installation risk is moderate because it's unclear what (if anything) will be written/executed on disk based on this spec.
⚠ 凭证需求
Asking for BRAVE_API_KEY (a named secret) is disproportionate to the documented functionality: the SKILL.md never explains why a Brave-related API key is necessary for documentation-driven codegen. The skill declares no primary credential but still lists a required env var. Additionally, the runtime instructions reference reading local documentation and examples (which could expose sensitive local content) while not declaring any config paths or giving justification for secret access.
ℹ 持久化与权限
The skill is not marked 'always: true' and is user-invocable, which is normal. It can be invoked autonomously (platform default) and the skill instructs use of local-read and network tools; combined with the other concerns this increases potential impact, but there is no explicit request for permanent installation or cross-skill config modification.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/23
- Initial release of doc-accurate-codegen skill: generate code by referencing and validating against real documentation to prevent hallucination bugs. - Enforces a strict "docs-first" workflow for any code generation, API use, or configuration creation. - Always loads documentation, extracts actual API signatures, and validates generated code for accuracy. - Introduces tools for code generation, validation, doc lookup, and API extraction with full reference tracking. - Provides output templates and best practices for reliable, documentation-sourced code.
● 可疑
安装命令
点击复制官方npx clawhub@latest install doc-accurate-codegen
镜像加速npx clawhub@latest install doc-accurate-codegen --registry https://cn.longxiaskill.com