← 返回 Skills 市场

ia-linux-bash-scripting

Name: ia-linux-bash-scripting
Author: iliaal

作者 Ilia Alshanetsky · GitHub ↗ · v3.0.4 · MIT-0

cross-platform ✓ 安全检测通过

360

总下载

当前安装

版本数

在 OpenClaw 中安装

/install compound-eng-linux-bash-scripting

功能描述

Defensive Bash scripting for Linux: safe foundations, argument parsing, production patterns, ShellCheck compliance. Use when writing bash scripts, shell scri...

使用说明 (SKILL.md)

Linux Bash Scripting

Produce bash scripts that pass shellcheck --enable=all and shfmt -d with zero warnings.

Target: GNU Bash 4.4+ on Linux. No macOS/BSD workarounds, no Windows paths, no POSIX-only restrictions.

Script Foundation

#!/usr/bin/env bash
set -Eeuo pipefail
shopt -s inherit_errexit

readonly SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"

trap 'printf "Error at %s:%d\
" "${BASH_SOURCE[0]}" "$LINENO" >&2' ERR
trap 'rm -rf -- "${_tmpdir:-}"' EXIT

-E propagates ERR traps into functions
inherit_errexit propagates errexit into $() command substitutions
Always create temp dirs under the EXIT trap: _tmpdir=$(mktemp -d)
Wrap body in main() { ... } with source guard: [[ "${BASH_SOURCE[0]}" == "$0" ]] && main "$@" -- enables sourcing for testing

Core Rules

Quote every expansion: "$var", "$(cmd)", "${array[@]}"
local for function variables, local -r for function constants, readonly for script constants
printf '%s\ ' over echo -- predictable behavior, no flag interpretation
[[ ]] for conditionals; (( )) for arithmetic; $() over backticks
End options with --: rm -rf -- "$path", grep -- "$pattern" "$file"
Require env vars: : "${VAR:?must be set}"
Never eval user input; build commands as arrays: cmd=("grep" "--" "$pat" "$f"); "${cmd[@]}"
Separate local from assignment to preserve exit codes: local val; val=$(cmd)
Debug tracing: PS4='+${BASH_SOURCE[0]}:${LINENO}: ' with bash -x -- shows file:line per command
Named exit codes: readonly EX_USAGE=64 EX_CONFIG=78 -- no magic numbers in exit
Pipeline diagnostics: "${PIPESTATUS[@]}" shows exit code of each pipe stage, not just last failure

Safe Iteration

# NUL-delimited file processing
while IFS= read -r -d '' f; do
    process "$f"
done \x3C \x3C(find /path -type f -name '*.log' -print0)

# Array from command output
readarray -t lines \x3C \x3C(command)
readarray -d '' files \x3C \x3C(find . -print0)

# Glob with no-match guard
for f in *.txt; do [[ -e "$f" ]] || continue; process "$f"; done

Argument Parsing

verbose=false; output=""
while [[ $# -gt 0 ]]; do
    case "$1" in
        -v|--verbose) verbose=true; shift ;;
        -o|--output)  output="$2"; shift 2 ;;
        -h|--help)    usage; exit 0 ;;
        --)           shift; break ;;
        -*)           printf 'Unknown: %s\
' "$1" >&2; exit 1 ;;
        *)            break ;;
    esac
done

Production Patterns

Dependency check:

require() { command -v "$1" &>/dev/null || { printf 'Missing: %s\
' "$1" >&2; exit 1; }; }
require jq; require curl

Dry-run wrapper:

run() { if [[ "${DRY_RUN:-}" == "1" ]]; then printf '[dry] %s\
' "$*" >&2; else "$@"; fi; }
run cp "$src" "$dst"

Atomic file write -- write to temp, rename into place:

atomic_write() { local tmp; tmp=$(mktemp); cat >"$tmp"; mv -- "$tmp" "$1"; }
generate_config | atomic_write /etc/app/config.yml

Retry with backoff:

retry() { local n=0 max=5 delay=1; until "$@"; do ((++n>=max)) && return 1; sleep $delay; ((delay*=2)); done; }
retry curl -fsSL "$url"

Script locking -- prevent concurrent runs:

exec 9>/var/lock/"${0##*/}".lock
flock -n 9 || { printf 'Already running\
' >&2; exit 1; }

Idempotent operations -- safe to rerun:

ensure_dir()  { [[ -d "$1" ]] || mkdir -p -- "$1"; }
ensure_link() { [[ -L "$2" ]] || ln -s -- "$1" "$2"; }

Input validation: [[ "$1" =~ ^[1-9][0-9]*$ ]] || die "Invalid: $1" -- validate at script boundaries with [[ =~ ]]

umask 077 for scripts creating sensitive files
Signal cleanup: trap 'cleanup; exit 130' INT TERM -- preserves correct exit codes for callers

Logging

log() { printf '[%s] [%s] %s\
' "$(date -Iseconds)" "$1" "${*:2}" >&2; }
info()  { log INFO "$@"; }
warn()  { log WARN "$@"; }
error() { log ERROR "$@"; }
die()   { error "$@"; exit 1; }

Anti-Patterns

Bad	Fix
`for f in $(ls)`	`for f in *; do` or `find -print0 \| while read`
`local x=$(cmd)`	`local x; x=$(cmd)` -- preserves exit code
`echo "$data"`	`printf '%s\
' "$data"`
`cat file \| grep`	`grep pat file`
`kill -9 $pid` first	`kill "$pid"` first, `-9` as last resort
`cd dir; cmd`	`cd dir

Performance

Parameter expansion over externals: ${path%/*} not dirname, ${path##*/} not basename, ${var//old/new} not sed
(( )) over expr; [[ =~ ]] over echo | grep
Cache results: val=$(cmd) once, reuse $val
xargs -0 -P "$(nproc)" for parallel work
declare -A map for lookups instead of repeated grep

Bash 4.4+ / 5.x

${var@Q} shell-quoted, ${var@U} uppercase, ${var@L} lowercase
declare -n ref=varname nameref for indirect access
wait -n wait for any background job
$EPOCHSECONDS, $EPOCHREALTIME -- timestamps without forking date

Linux-Specific

GNU coreutils differ from macOS: sed -i (no '' suffix), grep -P (PCRE support), readlink -f (canonical path)
timeout 30s cmd to prevent automation hangs

ShellCheck

Run shellcheck --enable=all script.sh. Key rules:

SC2155: Separate declaration from assignment
SC2086: Double-quote variables
SC2046: Quote command substitutions
SC2164: cd dir || exit
SC2327/SC2328: Use ${BASH_REMATCH[n]} not $n for regex captures

Pre-commit: shellcheck *.sh && shfmt -i 2 -ci -d *.sh

Verify

Run shellcheck --enable=all and shfmt -d with zero warnings before declaring done. Test edge cases: empty input, missing files, spaces in paths.

安全使用建议

This skill is a style-and-pattern guide for writing Bash on Linux and does not itself run or download code. However, anything the agent generates based on these instructions may perform system actions (writing /etc files, creating locks, running curl, etc.). Before running generated scripts: review the script contents line-by-line, confirm any operations that modify system files or run network commands are intended, run shellcheck/shfmt locally, prefer running in a non-production environment first, and avoid executing as root unless you understand the changes. If you need stricter guarantees, require the agent to show diffs and explicit justification for writes to sensitive paths (e.g., /etc) before you run them.

功能分析

Type: OpenClaw Skill Name: compound-eng-linux-bash-scripting Version: 3.0.4 The skill bundle provides high-quality, defensive coding standards for Bash scripting, emphasizing security best practices such as ShellCheck compliance, input validation, and avoiding dangerous functions like 'eval'. The instructions in SKILL.md and the development specifications in SPEC.md are strictly aligned with the stated purpose of improving script reliability and safety without any indicators of malicious intent or data exfiltration.

能力评估

✓ Purpose & Capability

Name/description match the content: SKILL.md is a detailed, Linux-focused Bash style and pattern guide. It does not request unrelated binaries, credentials, or installs, so the declared purpose aligns with what the skill requires and provides.

✓ Instruction Scope

The SKILL.md stays within the domain of producing safe Bash scripts. Examples reference system paths (/etc, /var/lock, find /path), tools (curl, jq, shellcheck, shfmt) and patterns appropriate for scripting. The document does not instruct the agent to read arbitrary host secrets or to exfiltrate data. Because this is guidance (not executable code bundled with the skill), the runtime risk comes from scripts generated by the agent — those should be reviewed before execution.

✓ Install Mechanism

No install spec is present (instruction-only), so nothing is downloaded or written to disk by the skill itself. This is the lowest-risk installation model.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths. The SKILL.md shows patterns for validating/ requiring env vars in generated scripts (e.g., ': "${VAR:?must be set}"'), which is appropriate and not the same as the skill requesting secrets itself.

✓ Persistence & Privilege

No privileged persistence is requested. always is false and the skill is user-invocable. There is no indication it modifies other skills or agent-wide config.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install compound-eng-linux-bash-scripting
安装完成后，直接呼叫该 Skill 的名称或使用 /compound-eng-linux-bash-scripting 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.56.1

v2.56.0

v2.55.1

v2.55.0

v2.53.2

v2.53.0

元数据

Slug compound-eng-linux-bash-scripting

版本 3.0.4

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 11

常见问题