← 返回 Skills 市场

Flask

Name: Flask
Author: ivangdavila

作者 Iván · GitHub ↗ · v1.0.0

linuxdarwinwin32 ✓ 安全检测通过

1297

总下载

当前安装

版本数

在 OpenClaw 中安装

/install flask

功能描述

Avoid common Flask mistakes — context errors, circular imports, session configuration, and production gotchas.

使用说明 (SKILL.md)

Application Context

current_app only works inside request or with app.app_context() — "working outside application context" error
g is per-request storage — lost after request ends, use for db connections
Background tasks need context — with app.app_context(): or pass data, not proxies
create_app() factory pattern avoids circular imports — import current_app not app

Request Context

request, session only inside request — "working outside request context" error
url_for needs context — url_for('static', filename='x', _external=True) for absolute URLs
Test client provides context automatically — but manual context for non-request code

Circular Imports

from app import app in models causes circular — use factory pattern
Import inside function for late binding — or use current_app
Blueprints help organize — register at factory time, not import time
Extensions init with init_app(app) pattern — create without app, bind later

Sessions and Security

SECRET_KEY required for sessions — random bytes, not weak string
No SECRET_KEY = unsigned cookies — anyone can forge session data
SESSION_COOKIE_SECURE=True in production — only send over HTTPS
SESSION_COOKIE_HTTPONLY=True — JavaScript can't access

Debug Mode

debug=True in production = remote code execution — attacker can run Python
Use FLASK_DEBUG env var — not hardcoded
Debug PIN in logs if debug enabled — extra layer, but still dangerous

Blueprints

url_prefix set at registration — app.register_blueprint(bp, url_prefix='/api')
Blueprint routes relative to prefix — @bp.route('/users') becomes /api/users
blueprint.before_request only for that blueprint — app.before_request for all

SQLAlchemy Integration

db.session.commit() explicitly — autocommit not default
Session scoped to request by Flask-SQLAlchemy — but background tasks need own session
Detached object error — object from different session, refetch or merge
db.session.rollback() on error — or session stays in bad state

Production

flask run is dev server — use Gunicorn/uWSGI in production
threaded=True for dev server concurrency — but still not production-ready
Static files through nginx — Flask serving static is slow
PROPAGATE_EXCEPTIONS=True for proper error handling with Sentry etc.

Common Mistakes

return redirect('/login') vs return redirect(url_for('login')) — url_for is refactor-safe
JSON response: return jsonify(data) — not return json.dumps(data)
Form data in request.form — JSON body in request.json or request.get_json()
request.args for query params — request.args.get('page', default=1, type=int)

安全使用建议

This skill is an instruction-only checklist for Flask best practices and does not request credentials or install code — it appears safe and coherent. If you install it, expect only guidance (no code execution). As a general precaution, only grant execution/autonomy to skills you trust; if a future version adds code files, external downloads, or requests credentials, re-evaluate before enabling it.

功能分析

Type: OpenClaw Skill Name: flask Version: 1.0.0 The skill bundle provides educational content and best practices for Flask development, covering common mistakes, security considerations, and production deployment. The `SKILL.md` file contains no malicious instructions, data exfiltration attempts, or prompt injection techniques. Warnings about security risks (e.g., `debug=True` in production) are descriptive and educational, not prescriptive for malicious actions. All content aligns with the stated purpose of avoiding Flask mistakes.

能力评估

✓ Purpose & Capability

Name/description (Flask best-practices) match the content: the SKILL.md contains explanations about contexts, blueprints, sessions, production deployment, and SQLAlchemy. The only required binary is python3, which is reasonable for a Flask-focused skill.

✓ Instruction Scope

SKILL.md is purely documentation and runtime guidance for Flask developers; it does not instruct the agent to read unrelated files, access environment variables, or transmit data to external endpoints.

✓ Install Mechanism

No install spec and no code files are present — lowest-risk, nothing will be written to disk or downloaded.

✓ Credentials

The skill requires no environment variables or credentials. The lack of requested secrets is proportionate to an advice/documentation skill.

✓ Persistence & Privilege

always is false and model invocation is allowed (default). The skill does not request persistent system presence, nor does it modify other skills or system settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install flask
安装完成后，直接呼叫该 Skill 的名称或使用 /flask 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug flask

版本 1.0.0

许可证 —

累计安装 4

当前安装数 4

历史版本数 1

常见问题

Flask 是什么？

Avoid common Flask mistakes — context errors, circular imports, session configuration, and production gotchas. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1297 次。

如何安装 Flask？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install flask」即可一键安装，无需额外配置。

Flask 是免费的吗？

是的，Flask 完全免费（开源免费），可自由下载、安装和使用。

Flask 支持哪些平台？

Flask 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（linux, darwin, win32）。

谁开发了 Flask？

由 Iván（@ivangdavila）开发并维护，当前版本 v1.0.0。