by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's instructions match a diff-analysis purpose, but it references other skills/modules (notably imbue:proof-of-work and sanctum:git-workspace-review) that could capture or transmit repository data; the provenance and destination of captured evidence is not documented, so you should verify before installing.
评估建议
This skill appears to legitimately perform diff analysis, but it relies on helper skills/modules that will read your repository and capture 'proof-of-work' artifacts. Before installing or running it: (1) inspect what imbue:proof-of-work and imbue:structured-output actually do — where are artifacts stored or transmitted and who can access them; (2) confirm sanctum:git-workspace-review runs locally and does not upload repository contents to an external service; (3) run the skill on a non-sensitive...详细分析 ▾
✓ 用途与能力
Name, description, and the provided modules (git-diff patterns, semantic categorization, risk framework) align with a changeset analysis/release-note workflow. Use of git and optional 'sem' tooling is expected for this purpose.
ℹ 指令范围
The SKILL.md explicitly instructs the agent to gather git workspace context (git log/diff/counts) and to use sanctum:git-workspace-review to collect repository context. That collection is coherent for diff analysis but it means the agent will read local repository contents and metadata. The skill also instructs use of imbue:proof-of-work and imbue:structured-output to capture and format artifacts; where those artifacts are stored or sent is not described in this skill and should be validated.
✓ 安装机制
Instruction-only skill with no install spec and no bundled code. No files are downloaded or executed by the skill itself, which lowers installation risk.
ℹ 凭证需求
The skill requests no environment variables or external credentials. It does declare a required config path (night-market.imbue:proof-of-work) — plausible for storing analysis evidence, but the destination, retention, or access control for that config entry is not described and should be checked to ensure it doesn't cause unintended data exposure.
✓ 持久化与权限
always is false and autonomous invocation is allowed by default (platform behavior). The skill does not request elevated system-wide privileges or claim to modify other skills' configurations; however it integrates with other skills that may persist artifacts (see proof-of-work).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/12
- Initial release of the diff-analysis skill, ported from claude-night-market/imbue. - Analyzes changesets with risk scoring, categorization, and summary generation for use with git diffs, config changes, migrations, and document revisions. - Introduces a structured 4-step analysis methodology: baseline establishment, change categorization, risk assessment, and summary preparation. - Supports conditional module loading to tailor the analysis workflow by context. - Includes integration hooks for related tools and ensures outputs suitable for release notes, code reviews, and planning.
● 无害
安装命令
点击复制官方npx clawhub@latest install nm-imbue-diff-analysis
镜像加速npx clawhub@latest install nm-imbue-diff-analysis --registry https://cn.longxiaskill.com镜像同步中