📦 用于自动扫描 Vue2 项目的潜在风险，依赖安全，Webpack 配置风险， Babel 配置问题 — 用于自动扫描 Vue2 项目的潜在风险、依赖安全、Webpack 配置风险及 Babel 配置问题

v1.0.0

Skill 用于自动扫描 Vue2 项目的潜在风险、依赖安全、Webpack 配置风险及 Babel 配置问题

0· 43·0 当前·0 累计

by @gfrxf·MIT-0

前端框架

下载技能包

License

MIT-0

最后更新

2026/4/7

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

该技能的代码和说明与其声明的用途（扫描 Vue2 项目中的依赖、Webpack 和 Babel 问题）一致；它无需凭据或安装，仅读取常规项目文件并运行 npm audit 命令。

评估建议

This skill appears coherent and limited to scanning a Vue2 project. Before running it: (1) review the included scripts yourself (they're small and bundled) to satisfy yourself they only access project files; (2) run them in a sandbox or CI environment if you are cautious — they call npm audit and npm list which may perform network calls; (3) ensure npm/node are installed in the environment where you run it; (4) be aware of some simplistic checks (e.g., core-js version parsing) that can cause fal...

详细分析 ▾

✓ 用途与能力

The name/description match the actual behavior: scripts check package.json, vue.config.js, babel.config.js and run npm audit/npm list to surface dependency and config issues. No unrelated credentials, binaries, or network endpoints are requested.

✓ 指令范围

SKILL.md instructs running scripts from the project root. The scripts only read project files (package.json, vue.config.js, babel.config.js) and invoke local npm commands (npm list, npm audit). There are no hidden remote endpoints or attempts to read unrelated system files. Some checks use simplistic parsing (e.g., core-js version parsing), which may produce false positives, but this is a correctness/quality issue rather than malicious behavior.

✓ 安装机制

No install spec: instruction-only with bundled shell scripts. Nothing is downloaded or written to disk by an installer. Risk surface is limited to executing the included scripts.

✓ 凭证需求

The skill requires no environment variables, no credentials, and no config paths beyond project files. It does run npm audit (which may access the network for audit data) but that is proportional to dependency scanning.

✓ 持久化与权限

The skill does not request persistent presence (always:false) and does not modify other skills or system-wide config. It runs only when invoked by the user/agent.

⚠ scripts/checks/check-webpack.sh:13

Dynamic code execution detected.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/4/7

vue2-risk-scan 初始版本发布 - 自动扫描 Vue2 项目中的常见风险 - 检测依赖安全问题、Webpack 配置风险及 Babel 配置问题 - 适用于日常开发、CI 检查及 AI 自动诊断 - 用法：在项目根目录运行 sh scripts/scan-vue2-risk.sh

● 无害

安装命令

点击复制

官方npx clawhub@latest install vue2-risk-scan

镜像加速npx clawhub@latest install vue2-risk-scan --registry https://cn.longxiaskill.com

技能文档

Vue2 项目风险扫描 Skill ## 🧠 Skill 说明该 Skill 用于自动扫描 Vue2 项目的潜在风险，包括： - 📦 依赖安全（axios / npm audit 等） - 🧱 Webpack 配置风险 - 🧬 Babel 配置问题适用于日常开发自检、CI 检查、AI 自动诊断。 --- ## 🚀 使用方式在项目根目录执行： ``bash sh scripts/scan-vue2-risk.sh ``

数据来源：ClawHub ↗ · 中文优化：龙虾技能库