← 返回 Skills 市场
React Component Generator
作者
Sunshine-del-ux
· GitHub ↗
· v1.0.0
823
总下载
0
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install react-component-generator
功能描述
生成 React 组件模板,支持 Function Component, Class Component, Hooks, TypeScript,一键生成完整组件代码。
安全使用建议
This skill appears low-risk but is inconsistent with its documentation. Before installing or using it: (1) review the react-component-generator.sh script — it simply creates a basic .jsx function component and replaces the placeholder string; it does not implement TypeScript (.tsx), hooks, class components, or the CLI flags shown in SKILL.md; (2) be aware the script writes to the current directory and will overwrite an existing file named <ComponentName>.jsx without prompting; (3) sed -i usage may be non-portable on macOS (may require a backup suffix); (4) if you expect TypeScript or other templates, either extend the script or source a different implementation; (5) only install/run if you’re comfortable with the above and after backing up that directory. If you want this skill to be trustworthy, ask the author for an updated implementation that matches the documented features and a proper install mechanism (or include clear instructions how to make the script executable and available as the named CLI).
功能分析
Type: OpenClaw Skill
Name: react-component-generator
Version: 1.0.0
The `react-component-generator.sh` script is vulnerable to path traversal and lacks input sanitization. The component `NAME` (derived from user input `$1`) is directly used in the filename `"$NAME.jsx"` and within a `sed` command, allowing an attacker to create files in arbitrary directories (e.g., `../../../../tmp/evil.jsx`) or potentially break the `sed` command with specially crafted input. This constitutes a significant vulnerability, classifying the skill as suspicious.
能力评估
Purpose & Capability
The name/description promise TypeScript, Hooks, Class components, HOCs and a CLI with flags, but the shipped react-component-generator.sh only creates a basic MyComponent.jsx function component and ignores type/flag semantics. The required artifacts (e.g., TypeScript .tsx output, hook templates, class templates) are missing.
Instruction Scope
SKILL.md instructs running a CLI with flags (e.g., --typescript, --type hook) that are not implemented by the provided script. The instructions do not direct any sensitive reads or network transmission; they do, however, assume an executable named react-component-generator is available in PATH which the package does not install.
Install Mechanism
There is no install spec (instruction-only with a small bundled script). That minimizes risk: nothing is downloaded or extracted during install.
Credentials
The skill requests no environment variables, credentials, or config paths. The included script does not access environment secrets.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills or system-wide configuration. It only writes a file to the current working directory.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install react-component-generator - 安装完成后,直接呼叫该 Skill 的名称或使用
/react-component-generator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of react-component-generator.
- Generate React component templates in one click
- Supports Function Components, Class Components, Custom Hooks, Higher-Order Components
- TypeScript support included
- CLI usage for quick component scaffolding
元数据
常见问题
React Component Generator 是什么?
生成 React 组件模板,支持 Function Component, Class Component, Hooks, TypeScript,一键生成完整组件代码。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 823 次。
如何安装 React Component Generator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install react-component-generator」即可一键安装,无需额外配置。
React Component Generator 是免费的吗?
是的,React Component Generator 完全免费(开源免费),可自由下载、安装和使用。
React Component Generator 支持哪些平台?
React Component Generator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 React Component Generator?
由 Sunshine-del-ux(@sunshine-del-ux)开发并维护,当前版本 v1.0.0。
推荐 Skills