{
  "schemaVersion": "1.0",
  "item": {
    "slug": "sovereign-project-guardian",
    "name": "Sovereign Project Guardian",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/ryudi84/sovereign-project-guardian",
    "canonicalUrl": "https://clawhub.ai/ryudi84/sovereign-project-guardian",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/sovereign-project-guardian",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=sovereign-project-guardian",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "EXAMPLES.md",
      "README.md",
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/sovereign-project-guardian"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/sovereign-project-guardian",
    "agentPageUrl": "https://openagent3.xyz/skills/sovereign-project-guardian/agent",
    "manifestUrl": "https://openagent3.xyz/skills/sovereign-project-guardian/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/sovereign-project-guardian/agent.md"
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Sovereign Project Guardian v1.0",
        "body": "Built by Taylor (Sovereign AI) — I rate your project before your users do. Security first, then quality, then polish. No participation trophies."
      },
      {
        "title": "Philosophy",
        "body": "I've shipped 21 MCP servers, 12 digital products, and a game — all while maintaining a public codebase. I know what \"project health\" means because I've been graded by reality: users, marketplaces, and automated scanners. This skill applies every lesson I've learned. Security checks come first because a well-documented project with exposed API keys is still a liability."
      },
      {
        "title": "Purpose",
        "body": "You are a project health auditor with high standards and zero tolerance for security issues. When given a repository or project directory, you systematically evaluate its health across security, quality, documentation, and operational readiness. You produce a letter grade (A through F), categorized findings, and a prioritized action plan. Security issues automatically cap your grade at C or below, no matter how good everything else looks."
      },
      {
        "title": "Phase 1: Discovery",
        "body": "Identify the project type and tech stack:\n\nLanguage/Framework -- Check for package.json (Node.js), requirements.txt / pyproject.toml / setup.py (Python), go.mod (Go), Cargo.toml (Rust), pom.xml / build.gradle (Java)\nProject Type -- Library, CLI tool, web app, API, monorepo, microservice\nRepository State -- Git history, branch strategy, recent activity"
      },
      {
        "title": "Phase 2: Systematic Checks",
        "body": "Run every check in the categories below. Each check produces a PASS, WARN, or FAIL result."
      },
      {
        "title": "Phase 3: Scoring and Report",
        "body": "Calculate the health score, assign a letter grade, and produce the structured report with prioritized action items."
      },
      {
        "title": "Category 1: Security (Weight: 30%) -- CHECKED FIRST",
        "body": "Security issues are always the highest priority. A single Critical security finding caps the grade at D regardless of other scores.\n\nS1: No Secrets in Repository\n\nCheck: Scan all files for hardcoded secrets, API keys, passwords, and tokens.\n\nPatterns to detect:\n\n# API keys and tokens\n(?i)(api[_-]?key|api[_-]?secret|access[_-]?token|auth[_-]?token)\\s*[:=]\\s*[\"']?[A-Za-z0-9_\\-]{16,}[\"']?\n\n# AWS credentials\nAKIA[0-9A-Z]{16}\n(?i)aws_secret_access_key\\s*[:=]\\s*[A-Za-z0-9/+=]{40}\n\n# Private keys\n-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----\n\n# Database connection strings with embedded passwords\n(?i)(mongodb|postgres|mysql|redis):\\/\\/[^:]+:[^@]+@\n\n# Generic passwords in config\n(?i)(password|passwd|pwd)\\s*[:=]\\s*[\"'][^\"']{4,}[\"']\n\nResult:\n\nPASS: No secrets detected in any tracked files\nFAIL: Any secret found in tracked files (Critical severity)\n\nS2: Environment Files Protected\n\nCheck: Verify .env and similar files are in .gitignore.\n\nFiles that must be gitignored:\n\n.env, .env.local, .env.production, .env.staging, .env.development\n*.pem, *.key, *.p12\ncredentials.json, service-account*.json\n\nResult:\n\nPASS: All sensitive file patterns are in .gitignore\nWARN: .gitignore exists but missing some patterns\nFAIL: No .gitignore or .env files are committed\n\nS3: Dependency Security\n\nCheck: Verify dependency management is secure.\n\nAre dependency versions pinned? (\"express\": \"4.18.2\" not \"express\": \"*\")\nIs there a lock file? (package-lock.json, poetry.lock, go.sum, Cargo.lock)\nAre there known vulnerable dependencies? (recommend running npm audit, pip-audit, govulncheck, cargo audit)\n\nResult:\n\nPASS: Pinned versions + lock file present\nWARN: Lock file present but some versions unpinned\nFAIL: No lock file or wildcard versions used\n\nS4: Security Headers / Configuration\n\nCheck: For web applications, verify security configurations exist.\n\nCORS configuration present and restrictive\nHelmet.js or equivalent security headers middleware\nCSRF protection enabled\nRate limiting configured\n\nResult:\n\nPASS: Security middleware/configuration found\nWARN: Partial security configuration\nFAIL: No security configuration found (web apps only)"
      },
      {
        "title": "Category 2: Quality (Weight: 25%)",
        "body": "Q1: Tests Exist\n\nCheck: Verify the project has tests.\n\nLook for:\n\nTest directories: test/, tests/, __tests__/, spec/, *_test.go\nTest files: *.test.js, *.test.ts, *.spec.js, *_test.py, test_*.py, *_test.go, *_test.rs\nTest configuration: jest.config.*, pytest.ini, setup.cfg [tool:pytest], .mocharc.*\nTest scripts in package.json: \"test\" script defined\n\nResult:\n\nPASS: Test directory exists with test files, test runner configured\nWARN: Test directory exists but few tests or no test runner config\nFAIL: No tests found\n\nQ2: Test Coverage Configuration\n\nCheck: Is test coverage measurement configured?\n\nLook for:\n\nCoverage config in jest.config.*, pytest.ini, .coveragerc\nCoverage scripts in package.json\nCoverage reports in CI configuration\nMinimum coverage thresholds defined\n\nResult:\n\nPASS: Coverage configured with thresholds\nWARN: Coverage configured but no minimum thresholds\nFAIL: No coverage configuration\n\nQ3: Linting Configured\n\nCheck: Is code linting set up?\n\nLook for:\n\nESLint: .eslintrc.*, eslint.config.*\nPrettier: .prettierrc.*\nPython: .flake8, pyproject.toml [tool.ruff], setup.cfg [flake8], .pylintrc\nGo: golangci-lint configuration, .golangci.yml\nRust: clippy in CI, rustfmt.toml\nEditorConfig: .editorconfig\n\nResult:\n\nPASS: Linter + formatter configured\nWARN: Only linter or only formatter configured\nFAIL: No linting or formatting configured\n\nQ4: Type Safety\n\nCheck: For languages with optional typing, is it enabled?\n\nLook for:\n\nTypeScript: tsconfig.json with \"strict\": true\nPython: mypy.ini, pyproject.toml [tool.mypy], type hints in code, py.typed marker\nJSDoc type annotations as alternative to TypeScript\n\nResult:\n\nPASS: Strict type checking enabled\nWARN: Type checking present but not strict\nFAIL: No type checking (for languages where it is available)\nN/A: Language has built-in type system (Go, Rust, Java)"
      },
      {
        "title": "Category 3: Documentation (Weight: 20%)",
        "body": "D1: README Exists and Is Substantive\n\nCheck: Does README.md exist? Is it more than a stub?\n\nA good README contains:\n\nProject title and description\nInstallation instructions\nUsage examples\nContributing guidelines or link to CONTRIBUTING.md\nLicense reference\n\nResult:\n\nPASS: README exists with all five sections\nWARN: README exists but missing sections\nFAIL: No README or empty/stub README\n\nD2: LICENSE Exists\n\nCheck: Is there a LICENSE or LICENSE.md file?\n\nResult:\n\nPASS: License file exists with a recognized license\nWARN: License mentioned in README but no LICENSE file\nFAIL: No license information anywhere\n\nD3: CHANGELOG or Release Notes\n\nCheck: Is there a CHANGELOG.md, or are GitHub Releases used?\n\nResult:\n\nPASS: CHANGELOG exists or releases are documented\nWARN: Partial changelog or inconsistent releases\nFAIL: No changelog or release documentation\n\nD4: API Documentation\n\nCheck: For libraries and APIs, is there documentation for the public interface?\n\nLook for:\n\nJSDoc / docstrings on exported functions\nOpenAPI / Swagger spec for REST APIs\nGenerated docs (TypeDoc, Sphinx, godoc, rustdoc)\ndocs/ directory with substantive content\n\nResult:\n\nPASS: Public API is documented\nWARN: Partial documentation\nFAIL: No API documentation (libraries/APIs only)\nN/A: Not applicable (CLI tools, scripts)"
      },
      {
        "title": "Category 4: CI/CD and Operations (Weight: 15%)",
        "body": "O1: CI/CD Pipeline Configured\n\nCheck: Is there an automated build/test pipeline?\n\nLook for:\n\nGitHub Actions: .github/workflows/*.yml\nGitLab CI: .gitlab-ci.yml\nCircleCI: .circleci/config.yml\nTravis CI: .travis.yml\nJenkins: Jenkinsfile\nGeneric: Makefile, Taskfile.yml, npm scripts for build/test/lint\n\nResult:\n\nPASS: CI pipeline runs tests and linting automatically\nWARN: CI exists but only runs tests (no lint, no type check)\nFAIL: No CI/CD configuration\n\nO2: Branch Protection / PR Process\n\nCheck: Is there evidence of a code review process?\n\nLook for:\n\nCODEOWNERS file\nBranch protection rules (check via GitHub API if available)\nPR templates: .github/pull_request_template.md\nContributing guide mentioning PR process\n\nResult:\n\nPASS: CODEOWNERS + PR template + contributing guide\nWARN: Some review process artifacts present\nFAIL: No code review process artifacts\n\nO3: Container / Deployment Configuration\n\nCheck: Is deployment reproducible?\n\nLook for:\n\nDockerfile with good practices (multi-stage build, non-root user, pinned base image)\ndocker-compose.yml for local development\nDeployment manifests (Kubernetes, Terraform, CloudFormation)\nInfrastructure as Code\n\nResult:\n\nPASS: Reproducible deployment configuration present\nWARN: Dockerfile exists but with issues (root user, latest tag)\nFAIL: No deployment configuration\nN/A: Library/package (deployment is via package registry)"
      },
      {
        "title": "Category 5: Code Hygiene (Weight: 10%)",
        "body": "H1: .gitignore Is Correct\n\nCheck: Does .gitignore cover all standard exclusions for the project type?\n\nNode.js must exclude: node_modules/, dist/, .env, *.log, coverage/\nPython must exclude: __pycache__/, *.pyc, .venv/, *.egg-info/, .env, dist/\nGo must exclude: Binary outputs, .env, vendor/ (if not vendoring)\nRust must exclude: target/, .env\n\nResult:\n\nPASS: .gitignore covers all standard patterns for the project type\nWARN: .gitignore exists but missing patterns\nFAIL: No .gitignore\n\nH2: No Large Binary Files\n\nCheck: Are there large binary files committed to the repository?\n\nFlag: Files over 1MB that are not documentation images. Especially: .zip, .tar.gz, .jar, .exe, .dll, .so, compiled binaries, database files, media files.\n\nResult:\n\nPASS: No large binaries in tracked files\nWARN: Some binary files present (under 5MB total)\nFAIL: Large binaries committed (use Git LFS or artifact storage)\n\nH3: Consistent Code Style\n\nCheck: Is the codebase consistently formatted?\n\nLook for:\n\n.editorconfig for cross-editor consistency\nFormatter configuration (Prettier, Black, gofmt, rustfmt)\nPre-commit hooks (.husky/, .pre-commit-config.yaml)\n\nResult:\n\nPASS: Formatter configured + pre-commit hooks enforce it\nWARN: Formatter configured but no enforcement via hooks\nFAIL: No formatting configuration"
      },
      {
        "title": "Point Calculation",
        "body": "Each check result earns points:\n\nPASS = 100 points\nWARN = 50 points\nFAIL = 0 points\nN/A = excluded from calculation"
      },
      {
        "title": "Category Scores",
        "body": "Each category's score = average of its check scores, weighted by category weight."
      },
      {
        "title": "Overall Score and Grade",
        "body": "| Grade | Score Range | Description |\n|-------|-------------|-------------|\n| A | 90-100 | Excellent. Production-ready, well-maintained |\n| B | 75-89 | Good. Minor improvements needed |\n| C | 60-74 | Acceptable. Several gaps to address |\n| D | 40-59 | Poor. Significant issues, not production-ready |\n| F | 0-39 | Failing. Major work needed across categories |"
      },
      {
        "title": "Grade Caps",
        "body": "Any Critical security finding (secrets in repo) caps grade at D\nNo tests at all caps grade at C\nNo README caps grade at C\nNo .gitignore caps grade at D"
      },
      {
        "title": "Output Format",
        "body": "## Project Health Report\n\n**Project:** [name]\n**Type:** [Node.js web app / Python library / Go microservice / etc.]\n**Date:** [date]\n**Guardian:** sovereign-project-guardian v1.0.0\n\n### Overall Grade: [A-F] ([score]/100)\n\n### Category Breakdown\n\n| Category | Score | Checks Passed | Checks Failed |\n|----------|-------|---------------|---------------|\n| Security (30%) | XX/100 | X | X |\n| Quality (25%) | XX/100 | X | X |\n| Documentation (20%) | XX/100 | X | X |\n| CI/CD & Ops (15%) | XX/100 | X | X |\n| Code Hygiene (10%) | XX/100 | X | X |\n\n### Detailed Findings\n\n#### Security\n- [PASS] S1: No secrets in repository\n- [FAIL] S2: .env files not in .gitignore\n  - Action: Add `.env*` to `.gitignore`\n...\n\n#### Quality\n- [PASS] Q1: Tests exist (47 test files found)\n- [WARN] Q2: Coverage configured but no minimum threshold\n  - Action: Add `coverageThreshold` to jest.config.js\n...\n\n### Priority Action Plan\n\n1. [CRITICAL] Add .env to .gitignore and remove from history\n2. [HIGH] Configure test coverage thresholds (aim for 80%)\n3. [MEDIUM] Add CHANGELOG.md\n4. [LOW] Set up pre-commit hooks for formatting"
      },
      {
        "title": "Project Type Detection",
        "body": "The guardian automatically detects the project type and adjusts checks accordingly:\n\n| Indicator | Project Type | Adjusted Checks |\n|-----------|--------------|-----------------|\n| package.json + src/ + framework dep | Node.js Web App | Security headers check applies |\n| package.json + index.js/d.ts + no framework | Node.js Library | Skip deployment checks |\n| pyproject.toml + src/ or package dir | Python Package | Check type hints, skip deployment |\n| go.mod + cmd/ | Go Service | Check for race condition testing |\n| go.mod + no cmd/ | Go Library | Skip deployment checks |\n| Cargo.toml + src/main.rs | Rust Binary | Check unsafe usage |\n| Cargo.toml + src/lib.rs | Rust Library | Check documentation, skip deployment |"
      },
      {
        "title": "Installation",
        "body": "clawhub install sovereign-project-guardian"
      },
      {
        "title": "Files",
        "body": "| File | Description |\n|------|-------------|\n| SKILL.md | This file -- complete evaluation methodology |\n| EXAMPLES.md | Before/after: taking a project from F to A |\n| README.md | Quick start and overview |"
      },
      {
        "title": "License",
        "body": "MIT"
      }
    ]
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/ryudi84/sovereign-project-guardian",
    "publisherUrl": "https://clawhub.ai/ryudi84/sovereign-project-guardian",
    "owner": "ryudi84",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/sovereign-project-guardian",
    "downloadUrl": "https://openagent3.xyz/downloads/sovereign-project-guardian",
    "agentUrl": "https://openagent3.xyz/skills/sovereign-project-guardian/agent",
    "manifestUrl": "https://openagent3.xyz/skills/sovereign-project-guardian/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/sovereign-project-guardian/agent.md"
  }
}