# Boundary & Risk Card / 安装前决策卡 项目:tech-leads-club/agent-skills ## Doramagic 试用结论 当前结论:可以进入发布前推荐检查;首次使用仍应从最小权限、临时目录和可回滚配置开始。 ## 用户现在可以做 - 可以先阅读 Human Manual,理解项目目的和主要工作流。 - 可以复制 Prompt Preview 做安装前体验;这只验证交互感,不代表真实运行。 - 可以把官方 Quick Start 命令放到隔离环境中验证,不要直接进主力环境。 ## 现在不要做 - 不要把 Prompt Preview 当成项目实际运行结果。 - 不要把 metadata-only validation 当成沙箱安装验证。 - 不要把未验证能力写成“已支持、已跑通、可放心安装”。 - 不要在首次试用时交出生产数据、私人文件、真实密钥或主力配置目录。 ## 安装前检查 - 宿主 AI 是否匹配:claude, claude_code, cursor - 官方安装入口状态:已发现官方入口 - 是否在临时目录、临时宿主或容器中验证:必须是 - 是否能回滚配置改动:必须能 - 是否需要 API Key、网络访问、读写文件或修改宿主配置:未确认前按高风险处理 - 是否记录了安装命令、实际输出和失败日志:必须记录 ## 当前阻塞项 - 无阻塞项。 ## 项目专属踩坑 - 失败模式:installation: NLPM audit findings: 1 bug + 3 security improvements (score 93/100)(medium):Developers may fail before the first successful local run: NLPM audit findings: 1 bug + 3 security improvements (score 93/100) 建议检查:Before packaging this project, run the relevant install/config/quickstart check for: NLPM audit findings: 1 bug + 3 security improvements (score 93/100). Context: Observed when using playwright - 失败模式:installation: docs(tlc-spec-driven): "Skill Integrations" table lacks links, steering agents to install thi...(medium):Developers may fail before the first successful local run: docs(tlc-spec-driven): "Skill Integrations" table lacks links, steering agents to install third-party forks 建议检查:Before packaging this project, run the relevant install/config/quickstart check for: docs(tlc-spec-driven): "Skill Integrations" table lacks links, steering agents to install third-party forks. Context: Observed during installation or first-run setup. - 可能修改宿主 AI 配置(medium):安装可能改变本机 AI 工具行为,用户需要知道写入位置和回滚方法。 建议检查:列出会写入的配置文件、目录和卸载/回滚步骤。 - 失败模式:configuration: skills-catalog-v0.13.0(medium):Upgrade or migration may change expected behavior: skills-catalog-v0.13.0 建议检查:Before packaging this project, run the relevant install/config/quickstart check for: skills-catalog-v0.13.0. Context: Observed when using python - 失败模式:configuration: 🔐 Community Tool: OpenClaw Skill Security Scanner — Complementary security scanning for agent...(medium):Developers may misconfigure credentials, environment, or host setup: 🔐 Community Tool: OpenClaw Skill Security Scanner — Complementary security scanning for agent skills 建议检查:Before packaging this project, run the relevant install/config/quickstart check for: 🔐 Community Tool: OpenClaw Skill Security Scanner — Complementary security scanning for agent skills. Context: Source discussion did not expose a precise runtime context. ## 风险与权限提示 - no_demo: medium ## 证据缺口 - 暂未发现结构化证据缺口。