← Back to Skills Marketplace
67
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install sen-dev-patterns
Description
个人开发提效Skill - 沉淀页面布局、样式风格、代码模块、算法库、踩坑记录。适用于用户需要复用个人开发经验、遵循统一规范、调用已沉淀的计算口径或模块的场景。
Usage Guidance
This skill is mainly a collection of docs, templates and helper scripts and appears legitimate for its stated purpose. However the included publisher scripts will try to find GitHub/Gitee tokens automatically (environment variables, VSCode storage, git credential helper) and then set git remotes that embed those tokens before pushing. Before running any publish script: 1) Inspect publish_skill.py and publish_gitee.py yourself to confirm you understand what they do. 2) Prefer to provide a token explicitly (as an environment variable you control) rather than letting the script hunt for stored credentials. 3) If you run the scripts, check .git/config afterwards and remove any remote URLs containing tokens; rotate any tokens that were embedded. 4) Only run these scripts in a trusted environment (or a copy/clone of the repo) and avoid running them if you don't want tools to access your IDE or git credential storage. 5) If you want publishing convenience without risk, manually create repos and push using your normal git tooling instead of running the automated scripts.
Capability Analysis
Type: OpenClaw Skill
Name: sen-dev-patterns
Version: 0.1.0
The bundle contains publishing scripts (publish_skill.py and publish_gitee.py) that exhibit high-risk behaviors, including an intrusive credential discovery mechanism that searches for GitHub tokens in environment variables, Git credentials, and VSCode's internal global storage (%APPDATA%\Code\User\globalStorage\github-auth-token). Furthermore, these scripts contain hardcoded usernames ('sinadook' and 'the13ai') in API check endpoints and Git remote URLs, which could lead to code being pushed to unintended accounts if executed. While these scripts are framed as repository management utilities, the automated harvesting of sensitive tokens combined with hardcoded target accounts is highly irregular and poses a significant security risk.
Capability Tags
Capability Assessment
Purpose & Capability
The skill is a personal development-patterns library (UI, algorithms, templates). Having helper scripts to publish the repo (publish_skill.py, publish_gitee.py) is coherent with the developer workflow and with the SKILL.md/PUBLISH_GUIDE. However the publishing scripts implement automated credential discovery (VSCode storage, git credential helper) which is more intrusive than simply asking the user for an explicit token.
Instruction Scope
SKILL.md lists only benign usage (init templates, reuse algorithms). It does instruct running publisher scripts in PUBLISH_GUIDE, but does not explicitly warn that those scripts will search local credential stores and change git remotes. The publish scripts contain logic to read environment variables, inspect VSCode globalStorage, call 'git credential fill', and then set git remotes embedding tokens — actions outside the narrow scope of 'read docs / generate templates' and which may access or persist credentials unexpectedly.
Install Mechanism
No remote install/downloads are used (instruction-only + bundled scripts), so there's no external download risk. However the package includes executable Python scripts that will run on the user's machine if executed; that local execution capability increases risk compared with pure-doc skills.
Credentials
The skill declares no required env vars, yet publisher scripts will read GITHUB_TOKEN/GH_TOKEN/GITHUB_PERSONAL_ACCESS_TOKEN and will search VSCode state and the git credential helper for tokens. For a publishing convenience script this may be intended, but it is disproportionate for a 'patterns' skill to proactively harvest local credentials rather than explicitly asking the user to supply them. This behavior can expose sensitive tokens from unrelated locations.
Persistence & Privilege
publish_gitee.py and publish_skill.py modify git remotes by embedding credentials into remote URLs (e.g. https://username:[email protected]/...). That change is persistent (written into .git/config or remote settings) and can leak tokens to logs, config files, or other tooling. The skill does not request 'always: true', but the scripts still cause lasting changes to repository configuration if executed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install sen-dev-patterns - After installation, invoke the skill by name or use
/sen-dev-patterns - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release with comprehensive personal development patterns, UI standards, code modules, and project structuring guidelines.
- Provides a structured repository for UI design, code modules, algorithm recipes, and pitfalls documentation.
- Includes standard principles to maintain code stability and transparency.
- Offers cross-platform UI style templates for Python (desktop, Tkinter, and Web), consistent color palette, and modular project directory recommendations.
- Adds reusable code snippets and scripts to streamline module creation.
- Suitable for rapid reuse and consistency across personal projects.
Metadata
Frequently Asked Questions
What is Sen Dev Patterns?
个人开发提效Skill - 沉淀页面布局、样式风格、代码模块、算法库、踩坑记录。适用于用户需要复用个人开发经验、遵循统一规范、调用已沉淀的计算口径或模块的场景。 It is an AI Agent Skill for Claude Code / OpenClaw, with 67 downloads so far.
How do I install Sen Dev Patterns?
Run "/install sen-dev-patterns" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sen Dev Patterns free?
Yes, Sen Dev Patterns is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Sen Dev Patterns support?
Sen Dev Patterns is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Sen Dev Patterns?
It is built and maintained by the13ai (@the13ai); the current version is v0.1.0.
More Skills