← 返回 Skills 市场
brennerspear

Dev Serve

作者 BrennerSpear · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
471
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install dev-serve
功能描述
Start and manage tmux-backed dev servers exposed through Caddy at wildcard subdomains.
使用说明 (SKILL.md)

dev-serve — One-Command Dev Server Hosting

Start a dev server in a tmux session and expose it via Caddy at \x3Cproject>.YOUR_DOMAIN. One command up, one command down.

Setup

  1. Install the script:

    cp scripts/dev-serve.sh ~/.local/bin/dev-serve
chmod +x ~/.local/bin/dev-serve

  2. Set your domain (one of):

    • Export DEV_SERVE_DOMAIN in your shell profile
    • Or edit the DOMAIN variable in the script

  3. Requirements:

    • Caddy running with wildcard DNS + TLS (see caddy skill)
    • tmux, jq, curl
    • Caddy admin API on localhost:2019

CLI

dev-serve up \x3Crepo-path> [port]      # Start dev server + add Caddy route
dev-serve down \x3Cname>                # Stop dev server + remove Caddy route
dev-serve ls                         # List active dev servers
dev-serve restart \x3Cname>             # Restart dev server (keep Caddy route)

How It Works

  1. Derives subdomain from the repo folder name (~/projects/myappmyapp.YOUR_DOMAIN)
  2. Detects the dev command from package.json scripts.dev (supports vite, next, nuxt, sveltekit)
  3. Auto-patches Vite allowedHosts if a vite config file exists
  4. Starts the dev server in a tmux session named dev-\x3Cname> with --host 0.0.0.0 --port \x3Cport>
  5. Adds a Caddy route + dashboard link to the Caddyfile
  6. Reloads Caddy via admin API (no sudo, no restart)
  7. Verifies end-to-end: waits for the dev server to listen, then polls HTTPS until 2xx/3xx (up to 90s)

Examples

# Start with auto-assigned port (starts at 5200, skips used ports)
dev-serve up ~/projects/myapp
# → https://myapp.YOUR_DOMAIN

# Explicit port
dev-serve up ~/projects/myapp 5200

# Override dev command
DEV_CMD="bun dev" dev-serve up ~/projects/myapp 5300

# Stop and clean up
dev-serve down myapp

# List what's running
dev-serve ls

Configuration

Variable Default Description
DEV_SERVE_DOMAIN (must be set) Your wildcard domain (e.g. mini.example.com)
DEV_SERVE_STATE_DIR ~/.config/dev-serve Where state JSON is stored
CADDYFILE ~/.config/caddy/Caddyfile Path to your Caddyfile
CADDY_ADMIN http://localhost:2019 Caddy admin API address
DEV_CMD (auto-detected) Override the dev server command

Port Convention

  • Permanent services: 3100 range (managed in Caddyfile directly)
  • Dev servers: 5200+ (managed by dev-serve, auto-assigned)

Vite allowedHosts

Vite blocks requests from unrecognized hostnames. dev-serve up automatically patches vite.config.ts (or .js/.mts/.mjs) to add the subdomain. If auto-patching fails, it prints the manual fix.

Architecture

Browser (Tailscale / LAN / etc.)
  → DNS: *.YOUR_DOMAIN → your server IP
    → Caddy (HTTPS with auto certs)
      → reverse_proxy localhost:\x3Cport>
        → Dev server (in tmux session)

Companion Skills

  • caddy — Required. Sets up the Caddy reverse proxy with wildcard TLS.

Troubleshooting

Dev server not starting:

tmux attach -t dev-\x3Cname>    # see what happened

Cert not provisioning (curl exit 35): Wait 30-60s for DNS-01 challenge. Check tail -20 /var/log/caddy-error.log.

Caddy reload failed:

caddy reload --config ~/.config/caddy/Caddyfile --address localhost:2019

403 from Vite: The subdomain wasn't added to allowedHosts. Add it manually to your vite.config.ts:

server: { allowedHosts: ['myapp.YOUR_DOMAIN'] }
安全使用建议
Before installing/running this skill: 1) Inspect the provided scripts/dev-serve.sh yourself — it will edit your ~/.config/caddy/Caddyfile and may patch source files in your repo (vite configs). 2) Set and verify DEV_SERVE_DOMAIN before running; the script will exit if this env var is not set (the registry metadata did not declare this requirement). 3) Back up your Caddyfile and any repo files you care about. 4) Ensure the Caddy admin API (http://localhost:2019) is only reachable locally and not exposed to untrusted networks — the script will POST your Caddyfile to that endpoint. 5) Confirm required binaries are present (tmux, jq, curl, lsof, sed, grep) and run the script on a machine where modifying reverse-proxy config and running arbitrary dev commands is acceptable. 6) Prefer obtaining this tool from a named, trusted source or repository (homepage/source is unknown); if the author or canonical repo is provided, re-evaluate after verifying that origin. If the metadata were corrected to list required env vars/binaries and the script included safe-guards (confirmation prompts or dry-run mode), my confidence would increase.
功能分析
Type: OpenClaw Skill Name: dev-serve Version: 1.0.0 The skill is highly suspicious due to multiple critical vulnerabilities that allow remote code execution (RCE) and configuration injection. The `scripts/dev-serve.sh` script directly executes user-controlled commands derived from the `DEV_CMD` environment variable or the `scripts.dev` entry in a project's `package.json` file via `tmux send-keys`. This allows arbitrary shell commands to be executed. Additionally, user-controlled strings (derived from the repository name and `DEV_SERVE_DOMAIN`) are inserted into the `CADDYFILE` and `vite.config.*` files using `sed` without proper sanitization, creating Caddy configuration injection and JavaScript injection vulnerabilities. While these are vulnerabilities rather than explicit malicious intent by the skill developer, they pose a severe risk if the skill is used with untrusted input or if the AI agent is prompted to use it maliciously.
能力评估
Purpose & Capability
The name and description match the script's behavior: it starts tmux sessions, chooses ports, edits a Caddyfile, calls the Caddy admin API, and patches project config files (vite). However the registry metadata declares no required env vars or binaries while the script requires DEV_SERVE_DOMAIN and relies on tmux, jq, curl, sed/awk/grep/lsof, etc. The missing metadata declarations are an incoherence that reduces trust.
Instruction Scope
SKILL.md and the script instruct the agent/user to copy a script that will: modify your Caddyfile, POST the Caddyfile to the Caddy admin API, auto-patch project source files (vite config), create/kill tmux sessions, and write state to ~/.config/dev-serve/state.json. Those actions are functionally within the stated purpose but are intrusive (editing server proxy config and source files) and should be explicitly highlighted to users — the instructions do not require explicit confirmation/backup before editing.
Install Mechanism
There is no automated install spec (user is told to cp the script to ~/.local/bin). That keeps risk lower than downloading/executing remote archives. The presence of a local script file means behavior is visible to review before installation.
Credentials
The script requires DEV_SERVE_DOMAIN (and respects CADDY_ADMIN, CADDYFILE, DEV_SERVE_STATE_DIR, DEV_CMD), but the registry metadata lists no required environment variables or primary credential. The missing declaration of DEV_SERVE_DOMAIN and the lack of declared required binaries is a mismatch. The script does not request external credentials, which is proportional to its purpose.
Persistence & Privilege
The skill does not request always:true and does not demand elevated system privileges. It will, however, modify user files (Caddyfile and repo config files) and reload Caddy via the admin API at localhost:2019; that API should be protected. These behaviors are necessary for operation but increase blast radius if run on a shared or exposed host.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install dev-serve
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /dev-serve 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish
元数据
Slug dev-serve
版本 1.0.0
许可证
累计安装 3
当前安装数 3
历史版本数 1
常见问题

Dev Serve 是什么?

Start and manage tmux-backed dev servers exposed through Caddy at wildcard subdomains. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 471 次。

如何安装 Dev Serve?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dev-serve」即可一键安装,无需额外配置。

Dev Serve 是免费的吗?

是的,Dev Serve 完全免费(开源免费),可自由下载、安装和使用。

Dev Serve 支持哪些平台?

Dev Serve 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Dev Serve?

由 BrennerSpear(@brennerspear)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论