← Back to Skills Marketplace
Reactive Resume
by
pupuking723
· GitHub ↗
· v1.0.0
· MIT-0
282
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install reactive-resume
Description
Reactive Resume 开源简历构建器开发指南。使用 TanStack Start (React 19 + Vite)、PostgreSQL + Drizzle ORM、ORPC (Type-safe RPC)、Better Auth。当用户需要:(1) 本地开发环境搭建,(2) 自定义模板开发,(3)...
Usage Guidance
This skill is a development guide and includes helper scripts; it is not trying to hide malicious behavior, but you should be careful before running anything: 1) Inspect .env/.env.example — the docs expect DATABASE_URL, PRINTER_ENDPOINT, and other secrets; never point DATABASE_URL at a production DB. 2) The scripts include db-reset.py which will drop all tables via psql — run it only against a dev database and read the script to understand its prompts. 3) db-reset.py uses subprocess with shell=True and constructs shell commands from DATABASE_URL; avoid running it on untrusted input. 4) create-template.py writes files into your repo; review paths before running. 5) The docs recommend starting dockerd with sudo and running docker compose — these are normal for self-hosting but require root and network access. If you plan to let an agent invoke this skill autonomously, be aware it may instruct the agent to run system commands that can modify your environment; prefer manual invocation and confirm environment variables and target systems first.
Capability Analysis
Type: OpenClaw Skill
Name: reactive-resume
Version: 1.0.0
The skill bundle contains a shell injection vulnerability in `scripts/db-reset.py`, where the `DATABASE_URL` environment variable is unsafely interpolated into a `subprocess.run(shell=True)` call. Additionally, `SKILL.md` contains instructions for the AI agent to execute high-privilege commands (`sudo dockerd`), which increases the attack surface. While these scripts and instructions appear intended for legitimate local development of the 'Reactive Resume' project, the lack of input sanitization and the requirement for elevated privileges pose a security risk in an automated environment.
Capability Assessment
Purpose & Capability
Name/description match the content: this is a development/self-hosting guide for Reactive Resume. The included files (template boilerplate, template-creator script, DB reset script, and extensive docs) are appropriate for that purpose. Minor inconsistency: skill metadata declares no required environment variables, but the documentation and scripts clearly require several environment variables to run (DATABASE_URL, PRINTER_ENDPOINT, BETTER_AUTH_SECRET, optional cloud/storage/API keys).
Instruction Scope
SKILL.md stays within the stated scope (local dev, templates, deployment). It instructs running Docker, docker-compose, copying .env, starting the dev server, and performing DB migrations. It also references scripts that will read .env and run psql to drop tables — destructive but consistent with a 'dev reset' tool. Nothing in SKILL.md instructs exfiltration or accessing unrelated system resources, but it does instruct running system-level commands (sudo dockerd, docker compose, pnpm, psql).
Install Mechanism
No install spec — instruction-only with bundled helper scripts and docs. That's low-risk for arbitrary code download. The provided files are typical project artifacts; there are no external arbitrary download URLs or extraction steps in the install metadata.
Credentials
The skill metadata lists no required env vars, yet the documentation and scripts depend on many environment variables (DATABASE_URL, PRINTER_ENDPOINT/APP_URL, BETTER_AUTH_SECRET, STORAGE_* and optional AI keys). The db-reset script reads .env or env vars and will act on the database referenced by DATABASE_URL. This mismatch between declared requirements and actual runtime needs could cause surprising behavior if run without awareness.
Persistence & Privilege
Skill is not always-enabled and does not request persistent platform-wide privileges. It does not modify other skills or system-wide agent config. The biggest operational privilege is the ability to run user-level system commands when a developer follows the guide (expected for a dev tool).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install reactive-resume - After installation, invoke the skill by name or use
/reactive-resume - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Reactive Resume 开发工作流文档首发,帮助开发者高效了解和参与项目开发。
- 新增详细开发环境搭建、模板开发、数据库迁移、API 扩展和自部署全流程指南
- 补充推荐技术栈、项目结构总览、多语言和常见问题解答
- 提供官方文档及社区资源导航
- 列举最佳实践和应避免的问题点
- 附相关辅助工具及文件参考路径
Metadata
Frequently Asked Questions
What is Reactive Resume?
Reactive Resume 开源简历构建器开发指南。使用 TanStack Start (React 19 + Vite)、PostgreSQL + Drizzle ORM、ORPC (Type-safe RPC)、Better Auth。当用户需要:(1) 本地开发环境搭建,(2) 自定义模板开发,(3)... It is an AI Agent Skill for Claude Code / OpenClaw, with 282 downloads so far.
How do I install Reactive Resume?
Run "/install reactive-resume" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Reactive Resume free?
Yes, Reactive Resume is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Reactive Resume support?
Reactive Resume is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Reactive Resume?
It is built and maintained by pupuking723 (@pupuking723); the current version is v1.0.0.
More Skills