← 返回 Skills 市场

Electron

Name: Electron
Author: ivangdavila

作者 Iván · GitHub ↗ · v1.0.0

linuxdarwinwin32 ✓ 安全检测通过

1310

总下载

当前安装

版本数

在 OpenClaw 中安装

/install electron

功能描述

Build Electron desktop apps with secure architecture and common pitfall avoidance.

使用说明 (SKILL.md)

Security Non-Negotiables

nodeIntegration: false is mandatory — renderer with Node.js access means XSS = full system compromise
contextIsolation: true is mandatory — separates preload context from renderer
Whitelist IPC channels explicitly — never forward arbitrary channel names from renderer
Validate all IPC message content — renderer is untrusted, treat like external API input
Never use eval() or new Function() in renderer — defeats all security boundaries

Preload Script Rules

contextBridge.exposeInMainWorld() is the only safe bridge — raw ipcRenderer exposure is vulnerable
Clone data before passing across bridge — prevents prototype pollution attacks
Minimal API surface — expose specific functions, not generic send/receive

Architecture Traps

webPreferences locked after window creation — can't enable nodeIntegration later
Blocking main process freezes ALL windows — async everything, no sync file operations
Each BrowserWindow is separate renderer process — can't share JS variables directly
show: false then ready-to-show — prevents white flash, looks more native

Native Module Pain

Pre-built native modules won't work — must rebuild for Electron's specific Node version
electron-rebuild after every Electron upgrade — version mismatch = runtime crash
N-API modules more stable — survive Electron upgrades better than nan-based

Packaging Pitfalls

Dev dependencies included by default — production builds bloat without explicit exclusion
Code signing required for macOS auto-update — unsigned apps can't use Squirrel
Windows notifications require app.setAppUserModelId() — silent failure without it
ASAR isn't encryption — source readable with simple tools, don't rely on it for secrets

Platform-Specific Issues

CORS blocks file:// protocol — use custom protocol (app://) or local server
Windows needs NSIS or Squirrel for auto-update — installer format matters
macOS universal binary needs --universal flag — ships both Intel and ARM

Memory and Performance

Unclosed windows leak memory — call win.destroy() explicitly when done
Lazy load heavy modules — startup time directly affects perceived quality
backgroundThrottling: false if timers matter when minimized

Debugging

Main process: --inspect flag, connect via chrome://inspect
Renderer: webContents.openDevTools() or keyboard shortcut
electron-log for persistent logs — console.log vanishes on restart

安全使用建议

This skill is a documentation-only guide (no code, no installs) and appears internally consistent with its stated purpose. It will not access secrets or modify system state. Before installing: (1) recognize it provides advice only — it won't build or run apps for you; (2) ensure you have npm on PATH if you expect to follow its guidance; (3) consider the lack of provenance (no homepage, unknown source/owner ID) — treat recommendations as guidance and cross-check against official Electron docs if you need authoritative or up-to-date instructions.

功能分析

Type: OpenClaw Skill Name: electron Version: 1.0.0 The skill bundle provides comprehensive documentation and best practices for building secure Electron applications. It explicitly warns against common security pitfalls (e.g., `nodeIntegration`, `eval()`, `contextIsolation`) and promotes secure coding patterns. There are no indicators of malicious prompt injection, data exfiltration, unauthorized command execution, or other harmful activities in `SKILL.md` or `_meta.json`. The `npm` dependency is legitimate for the stated purpose.

能力评估

✓ Purpose & Capability

Name/description match the content: SKILL.md contains Electron security and packaging guidance. Declared requirement (npm) is reasonable for Electron-related workflows. Minor note: it does not require an electron binary or other build tools (but npm is commonly used to install those).

✓ Instruction Scope

Instructions are narrowly scoped to secure Electron architecture, IPC, preload rules, packaging pitfalls, and debugging tips. They do not ask the agent to read arbitrary files, access credentials, or send data to external endpoints.

✓ Install Mechanism

No install spec and no code files are present (instruction-only). This minimizes disk writes and execution risk.

✓ Credentials

No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or permissions.

✓ Persistence & Privilege

Skill is not marked always:true and does not request persistent or elevated privileges. Autonomous invocation is allowed (platform default) but appropriate here for an advice skill.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install electron
安装完成后，直接呼叫该 Skill 的名称或使用 /electron 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug electron

版本 1.0.0

许可证 —

累计安装 12

当前安装数 10

历史版本数 1

常见问题

Electron 是什么？

Build Electron desktop apps with secure architecture and common pitfall avoidance. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1310 次。

如何安装 Electron？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install electron」即可一键安装，无需额外配置。

Electron 是免费的吗？

是的，Electron 完全免费（开源免费），可自由下载、安装和使用。

Electron 支持哪些平台？

Electron 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（linux, darwin, win32）。

谁开发了 Electron？

由 Iván（@ivangdavila）开发并维护，当前版本 v1.0.0。