
Reactive Resume

Author: pupuking723 · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 282
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install reactive-resume
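Description
Development guide for Reactive Resume, the open-source resume builder. Uses TanStack Start (React 19 + Vite), PostgreSQL + Drizzle ORM, ORPC (type-safe RPC), and Better Auth. When the user needs: (1) local development environment setup, (2) custom template development, (3)...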
Security usage advice
This skill is a development guide and includes helper scripts; it is not trying to hide malicious behavior, but you should be careful before running anything:
  1) Inspect .env/.env.example — the docs expect DATABASE_URL, PRINTER_ENDPOINT, and other secrets; never point DATABASE_URL at a production DB.
  2) The scripts include db-reset.py which will drop all tables via psql — run it only against a dev database and read the script to understand its prompts.
  3) db-reset.py uses subprocess with shell=True and constructs shell commands from DATABASE_URL; avoid running it on untrusted input.
  4) create-template.py writes files into your repo; review paths before running.
  5) The docs recommend starting dockerd with sudo and running docker compose — these are normal for self-hosting but require root and network access.
If you plan to let an agent invoke this skill autonomously, be aware it may instruct the agent to run system commands that can modify your environment; prefer manual invocation and confirm environment variables and target systems first.
Functional analysis
Type: OpenClaw Skill
Name: reactive-resume
Version: 1.0.0
The skill bundle contains a shell injection vulnerability in `scripts/db-reset.py`, where the `DATABASE_URL` environment variable is unsafely interpolated into a `subprocess.run(shell=True)` call. Additionally, `SKILL.md` contains instructions for the AI agent to execute high-privilege commands (`sudo dockerd`), which increases the attack surface. While these scripts and instructions appear intended for legitimate local development of the 'Reactive Resume' project, the lack of input sanitization and the requirement for elevated privileges pose a security risk in an automated environment.
Capability assessment
Purpose & Capability
Name/description match the content: this is a development/self-hosting guide for Reactive Resume. The included files (template boilerplate, template-creator script, DB reset script, and extensive docs) are appropriate for that purpose. Minor inconsistency: skill metadata declares no required environment variables, but the documentation and scripts clearly require several environment variables to run (DATABASE_URL, PRINTER_ENDPOINT, BETTER_AUTH_SECRET, optional cloud/storage/API keys).
Instruction Scope
SKILL.md stays within the stated scope (local dev, templates, deployment). It instructs running Docker, docker-compose, copying .env, starting the dev server, and performing DB migrations. It also references scripts that will read .env and run psql to drop tables — destructive but consistent with a 'dev reset' tool. Nothing in SKILL.md instructs exfiltration or accessing unrelated system resources, but it does instruct running system-level commands (sudo dockerd, docker compose, pnpm, psql).
Install Mechanism
No install spec — instruction-only with bundled helper scripts and docs. That's low-risk for arbitrary code download. The provided files are typical project artifacts; there are no external arbitrary download URLs or extraction steps in the install metadata.
Credentials
The skill metadata lists no required env vars, yet the documentation and scripts depend on many environment variables (DATABASE_URL, PRINTER_ENDPOINT/APP_URL, BETTER_AUTH_SECRET, STORAGE_* and optional AI keys). The db-reset script reads .env or env vars and will act on the database referenced by DATABASE_URL. This mismatch between declared requirements and actual runtime needs could cause surprising behavior if run without awareness.
Persistence & Privilege
Skill is not always-enabled and does not request persistent platform-wide privileges. It does not modify other skills or system-wide agent config. The biggest operational privilege is the ability to run user-level system commands when a developer follows the guide (expected for a dev tool).
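How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the dialog box: /install reactive-resume
  3. Once installation completes, call the Skill by name or trigger it with /reactive-resume
  4. Provide the required input as described in the Skill's parameter documentation to get structured output
Version history
v1.0.0
First release of the Reactive Resume development workflow documentation, helping developers efficiently understand and take part in project development.
  - Added detailed end-to-end guides for development environment setup, template development, database migration, API extension, and self-hosted deployment
  - Added the recommended tech stack, a project structure overview, multi-language support, and FAQ answers
  - Provides navigation to official documentation and community resources
  - Lists best practices and pitfalls to avoid
  - Includes related helper tools and file reference paths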
Metadata
Slug: reactive-resume
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

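What is Reactive Resume?

Development guide for Reactive Resume, the open-source resume builder. Uses TanStack Start (React 19 + Vite), PostgreSQL + Drizzle ORM, ORPC (type-safe RPC), and Better Auth. When the user needs: (1) local development environment setup, (2) custom template development, (3)... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 282 total downloads to date.

How do I install Reactive Resume?

Run the command "/install reactive-resume" in the OpenClaw or Claude Code dialog box to install it in one step; no additional configuration is needed.

Is Reactive Resume free?

Yes, Reactive Resume is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Reactive Resume support?

Reactive Resume runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Reactive Resume?

It is developed and maintained by pupuking723 (@pupuking723); the current version is v1.0.0.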
