📦 Seismograph — 代码影响预测
v1.0.0在真正改动前,预测代码变更的连锁反应:可视化修改在代码库中的传播路径,精准标出哪些模块会断裂、哪些会变形,帮助团队在合并前就评估风险,减少回滚。
0· 253·0 当前·0 累计
by 下载技能包
最后更新
2026/3/4
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
Before installing or using this skill, ask the publisher to clarify exactly how it accesses code and downstream systems. Specifically: (1) what files, repo paths, or services does it need to read/write? (2) which binaries or tools must be available (git, language parsers, static analyzers, test runners)? (3) will it ever request or require credentials to external services, and if so, which ones and why? (4) provide concrete runtime steps or a reproducible example run on a small sample repo. Unti...详细分析 ▾
⚠ 用途与能力
The skill's purpose is to map propagation across a codebase and downstream systems, which normally requires access to repository files, static-analysis tools, test runners, or service credentials. However, the skill declares no required binaries, environment variables, config paths, or install steps. That absence is disproportionate to the claimed capability and suggests either missing requirements or that the agent will be given broad latitude to 'gather context' at runtime (which is not explicitly described).
⚠ 指令范围
The SKILL.md describes multi-phase analyses (line-level epicenter mapping, static dependency traversal, dataflow tracing, event/subscriber discovery, downstream monitoring and contract checks) but does not include concrete runtime commands, file paths, or a restricted list of actions. The instructions are high-level and open-ended — they imply reading repository files, running tests, parsing configs, and contacting downstream systems, but do not state how the agent should do these things or what it may access. Open-ended instructions give the agent broad discretion, which is a scope-creep risk.
✓ 安装机制
No install spec and no code files are present, which is low risk from an installation-execution perspective. That said, for the described functionality it is surprising there is truly 'zero-dependency' — realistic implementations normally require tools (git, language parsers, static analyzers). The lack of install steps reduces disk/exec risk but increases uncertainty about how the analysis actually happens.
⚠ 凭证需求
The skill declares no required environment variables, credentials, or config paths even though the described analysis would reasonably need access to the repository, CI/test runners, and possibly service credentials for downstream systems. This mismatch could indicate omitted requirements or that the skill expects the agent to request or be granted ad hoc access at runtime — a potential vector for accidental credential exposure or over-broad access.
✓ 持久化与权限
The skill does not request 'always' presence and defaults to user-invocable/autonomous invocation as normal. It does not claim to modify other skills or system configuration. No elevated persistent privileges are requested in the provided metadata.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSmacOS · Linux · Windows
版本
latestv1.0.02026/3/4
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install seismograph
镜像加速npx clawhub@latest install seismograph --registry https://cn.longxiaskill.com