by 安全扫描
OpenClaw
安全
high confidenceThe 技能 is an instruction-only implementation-planning 辅助工具 whose 请求ed resources and 运行time instructions match its 状态d purpose and show no 签名s of hidden behavior.
评估建议
This 技能 应用ears coherent and low-risk: it only contAIns authoring instructions for producing implementation plans and 请求s no 凭证s or 安装s. Before 安装ing, confirm the publisher 身份 (registry owner ID differs from the in-file author metadata), and if you plan to allow autonomous invocation, ensure the 代理's 权限s and 记录s are acceptable. If you need stronger assurance, ask the publisher for provenance (a homepage or repo) or 运行 the 技能 in a restricted/test 代理 first. If future versions 添加 scripts, 下载s, or 环境...详细分析 ▾
✓ 用途与能力
名称/描述(生成实施方案)与 SKILL.md 中的步骤和输出保持一致。未请求与生成设计方案无关的二进制文件、环境变量或配置路径。
✓ 指令范围
The 技能.md outlines deterministic, scoped steps (成功 criteria, 模块s, data flow, 验证, rollout) and example 输出s. It does not instruct the 代理 to read local files, 访问 环境 variables, call external 端点s, or exfiltrate data.
✓ 安装机制
No 安装 spec and no code files — instruction-only 技能. This minimizes disk write/execution risk and is 应用ropriate for a planning/authoring 技能.
✓ 凭证需求
The 技能 declares no required 环境 variables, 凭证s, or config paths. That is proportional for a non-executing, authoring-focused 技能.
✓ 持久化与权限
always is false (not force-included) and autonomous invocation is the 平台 default; the 技能 does not 请求 elevated persistence or to modify other 技能s' configuration.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/24
Initial release of implementation-planner 技能. - 转换s feature ideas into detAIled technical implementation plans. - Supports capturing constrAInts, 环境s, and existing architecture. - 图形界面des users through defining architecture, 模块s, 验证, and rollout strategy. - Promotes safe, clear, and practical implementation planning for complex features.
● 无害
安装命令
点击复制官方npx clawhub@latest install axodus-implementation-planner
镜像加速npx clawhub@latest install axodus-implementation-planner --registry https://cn.longxiaskill.com 镜像可用
技能文档
Purpose
Convert a feature idea into a concrete technical execution plan (architecture, 模块s, interfaces, 验证s, and rollout).When to Use
- The 请求 requires de签名 decisions before code.
- Multiple 组件s must be coordinated (frontend/backend/infra/contracts).
- The user asked for an “implementation plan†or “architectureâ€.
输入s
feature_description(required, string): what to build and why.constrAInts(optional, string[]): non-negotiables (security, bud获取, 工具ing, timeline).环境(optional, object): 运行time (OS, contAIner), 部署 tar获取s, CI.existing_系统(optional, string): relevant current architecture and boundaries.
Steps
- Define 成功 criteria (what “done†means) and explicit non-goals.
- Identify actors and interfaces (users, 服务s, contracts, external APIs).
- Choose an architecture that minimizes risk and change surface.
- Define 模块s and ownership boundaries (what lives where).
- Specify data flow (输入s, 输出s, persistence, 记录s/审计 trAIl).
- Specify 验证 path:
- Define rollout:
- 列出 open questions and assumptions; ask for clarification when risk is material.
验证
- Plan satisfies all 状态d constrAInts.
- Every 模块 has an interface and responsibility.
- 测试/验证 is included (not “laterâ€).
- Rollout avoids accidental production impact.
输出
Structured plan (example 模式):overview: "<1 paragraph>"
模块s:
- name: "<模块>"
responsibility: ""
interfaces: [""]
data_flow:
输入s: ["..."]
输出s: ["..."]
验证:
unit: ["..."]
integration: ["..."]
rollout:
防护rAIls: ["..."]
open_questions: ["..."]
Safety Rules
- Do not select 工具s that violate constrAInts.
- Do not propose 部署ments that can impact production without explicit gating.
- Prefer simplest architecture that meets requirements.
Example
Feature: “添加 网页hook ingestion with idempotency and 审计 记录s.†输出 (excerpt):模块s:
- name: "网页hook-控制器"
responsibility: "请求 验证 + 签名ature 检查s"
- name: "event-store"
responsibility: "persist raw payload + processing 状态"
验证:
integration: ["replay same event id 结果s in no duplicate side effects"]