← 返回 Skills 市场
nickleodoen

Resume Context

作者 Nikhil Yachareni · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
138
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install resume-context
功能描述
ALWAYS use this skill (never memory_search or exec alone) when the user asks about coding sessions, recent dev work, project briefings, or developer notes. T...
安全使用建议
Before installing, be aware of three practical risks: 1) The SKILL.md instructs the agent to run a find over your home directory to locate projects — that can touch many personal files; only allow this if you trust the skill. 2) The bridge calls your local `resume` CLI, which in turn calls an LLM (Anthropic) if you set ANTHROPIC_API_KEY — that means session/command data will be sent to external APIs under your API key. The skill metadata does not declare ANTHROPIC_API_KEY, so you should assume resume will use whatever keys exist in your environment. 3) The skill requires you to provide a REDIS_URL; that Redis instance will store cached session output. Only use a Redis instance you control (or a short-lived/isolated one) and avoid sharing production credentials. Additional suggestions: inspect the `resume` binary/source before installing, prefer a local Redis or restricted credentials, and if you want to avoid broad filesystem scans, modify the skill to accept explicit project paths rather than running find.
功能分析
Type: OpenClaw Skill Name: resume-context Version: 1.0.2 The skill bundle contains a potential shell injection vulnerability in SKILL.md (Step 2), where user-provided project names are interpolated directly into a 'find' command template. While the bridge script resume-mcp.js uses the safer execFile for execution, the instructions for the AI agent to perform directory discovery via shell are risky. Additionally, the skill requires the installation of an external binary from a personal GitHub repository (github.com/nickleodoen/resume) and the use of a Redis instance for caching potentially sensitive session briefings, which increases the overall attack surface.
能力评估
Purpose & Capability
Name/description match the included code: the node bridge shells out to a local `resume` binary and caches results in Redis. Requiring `node` and `resume` and a Redis URL is proportional to the stated purpose. However the SKILL.md also instructs the user to set ANTHROPIC_API_KEY and to install `resume` via cargo — those additional external dependencies are not declared in requires.env and are not validated by the bridge, so the skill's metadata is incomplete.
Instruction Scope
SKILL.md tells the agent to search the user's home (find ~ -maxdepth 4 ...) to locate projects. That grants the agent explicit permission to scan large portions of the home directory, which may surface unrelated files. The bridge code itself does not perform the find; it expects a project path argument, so there is an operational mismatch: the instructions require the agent to run shell search commands (not listed in required binaries) to produce that path. The resume CLI invoked by the bridge will call an LLM (per the docs) and may send session/command data to external APIs — this is expected but worth noting for privacy.
Install Mechanism
There is no automated install spec (instruction-only for OpenClaw), which is lower risk for arbitrary downloads. The package.json and package-lock reference vetted npm redis packages only. The SKILL.md instructs installing `resume` via cargo from a GitHub repo — that is an out-of-band install step for the user and not performed by the skill; it's reasonable but should be made explicit in metadata.
Credentials
The skill declares a single required env var (REDIS_URL) and uses it as primary credential — appropriate. However SKILL.md also instructs the user to set ANTHROPIC_API_KEY for the resume CLI; that variable is necessary for `resume` to call Claude but is not declared in requires.env. The bridge inherits process.env when calling the resume binary, so any env the user has (including API keys) could be used by `resume`. This should be documented and surfaced in the skill metadata.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privilege. It runs on-demand as a user-level bridge script and caches only into the Redis instance you provide. Autonomous invocation is enabled by default (platform default) and not by itself a concern here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install resume-context
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /resume-context 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Expanded and clarified the Requirements section with detailed setup steps for resume, ANTHROPIC_API_KEY, and Redis. - Added installation instructions for the resume CLI and steps for enabling its shell hook. - Provided clearer guidance on obtaining a Redis Cloud URL. - No changes to code or environment; documentation improvements only.
v1.0.1
- Clarified and shortened the skill description for improved readability. - Minor copyedits to trigger phrase examples in the SKILL.md description. - No functional, logic, or interface changes; documentation only.
v1.0.0
resume-context 1.0.0 - Initial release of the resume-context skill. - Provides developer session briefings and notes via the resume CLI, integrating Redis caching for fast responses. - Automatically classifies user intent (briefing vs. notes) based on trigger phrases. - Resolves project directories using common search locations, preferring paths with a .resume/ subdirectory. - Runs resume commands via a Node.js bridge, returning plain-English summaries generated by LLMs. - Includes cache logic: returns cached responses if available, otherwise fetches fresh data and caches it. - Requires resume CLI, Redis, and Node.js; supports environment variable configuration.
元数据
Slug resume-context
版本 1.0.2
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 3
常见问题

Resume Context 是什么?

ALWAYS use this skill (never memory_search or exec alone) when the user asks about coding sessions, recent dev work, project briefings, or developer notes. T... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 138 次。

如何安装 Resume Context?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install resume-context」即可一键安装,无需额外配置。

Resume Context 是免费的吗?

是的,Resume Context 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Resume Context 支持哪些平台?

Resume Context 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Resume Context?

由 Nikhil Yachareni(@nickleodoen)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论