← 返回 Skills 市场
dandandujie

rust-rebuilder

作者 dandandujie · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
381
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install rust-rebuilder
功能描述
Plan and execute incremental project rewrites to Rust with architecture mapping, parity verification, idiomatic Rust guidance, dependency preflight checks, a...
安全使用建议
This skill appears to do what it claims: plan and perform incremental Rust rewrites and generate upstream sync reports. Before installing or running it, consider the following: - It will read files under your home directory (~/.codex/skills and ~/.codex/config.toml) to detect other installed skills/MCPs — review those files if they contain sensitive data. - The skill expects a platform installer helper ($skill-installer) to install missing skills; confirm what that installer does and which repository it pulls from before allowing automatic installs. - The upstream report script runs git commands (fetch, rev-list, log) and will attempt to contact remotes named upstream/origin; ensure you are comfortable with the skill performing network fetches against your remotes and that your git remotes are correctly set. - The dependency check prints installation guidance that points to GitHub repositories (two grok-search links and a github-helper repo). Review those upstream repos before following automated install instructions. - Minor inconsistency: SKILL.md suggests the github-helper may be in the user's GitHub, while scripts/check_dependencies.py includes a specific github.com/dandandujie/github-helper URL — verify which source you want to trust. If you want additional assurance, run the two included Python scripts manually in a safe repository to observe their behavior, and verify your platform's $skill-installer semantics before allowing the skill to install other skills automatically.
功能分析
Type: OpenClaw Skill Name: rust-rebuilder Version: 1.0.0 The skill is classified as suspicious due to the `scripts/upstream_sync_report.py` script and instructions in `references/github-upstream-sync.md` that involve executing external commands (`git` and `gh` CLI) with user-controlled inputs. Specifically, `scripts/upstream_sync_report.py` uses `subprocess.run` to execute `git` commands on a user-specified repository path (`--repo`) and branch name (`--branch`). While `subprocess.run` uses a list of arguments (mitigating classic shell injection), the capability to run `git` commands on an arbitrary local path and `gh` commands (as instructed in `references/github-upstream-sync.md`) introduces a significant attack surface and vulnerability risk if the AI agent were to be prompted maliciously to operate on unintended repositories or with crafted inputs.
能力评估
Purpose & Capability
The skill's name/description (Rust rewrites, parity verification, upstream sync) match its included scripts and reference docs. Asking for grok-search and github-helper skills is coherent for obtaining Rust ecosystem info and GitHub repo operations. The files and steps present (check_dependencies.py, upstream_sync_report.py, references/*.md) support the declared purpose.
Instruction Scope
Runtime instructions are focused on migration workflows and explicitly require running the included Python scripts and reading shipped reference documentation. They also instruct the agent to install or call other skills (grok-search, github-helper) and to run git operations to fetch remotes and generate reports; this is consistent with upstream synchronization but does grant the skill ability to read ~/.codex/skills and ~/.codex/config.toml and to run git fetch/log commands. The SKILL.md references a platform variable ($skill-installer) and prompt template variables ($rust-rebuilder) that are not declared in the skill metadata — this is an operational assumption rather than a security flaw, but you should confirm the platform supplies or restricts those.
Install Mechanism
No install spec is provided (instruction-only with two helper scripts bundled). The included scripts are small, readable, and do not download or execute remote code. There are no extract/download install steps in the skill itself.
Credentials
The skill declares no required environment variables or credentials, which matches the code. However it reads user-local paths (~/.codex/skills and ~/.codex/config.toml) to detect installed skills/MCPs and expects to call out to a $skill-installer mechanism to add skills — the latter is not declared and is an assumed platform helper. Reading the user's ~/.codex config is proportionate to checking for other skills, but you should be aware it will access files in your home directory.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes. It does instruct use of other skills and running git fetch/log commands, but it does not modify other skills' configurations or write to system-wide settings. Agent autonomous invocation is allowed by platform default and not by itself concerning here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install rust-rebuilder
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /rust-rebuilder 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of rust-rebuilder: a skill for methodical project rewrites to Rust with automated dependency checks, architecture mapping, parity verification, and upstream GitHub synchronization. - Supports incremental, verifiable, and reversible rewrites with detailed migration workflow. - Enforces mandatory dependency preflight checks for grok-search and github-helper, pausing execution if missing. - Provides explicit output contracts covering migration scope, equivalence strategy, Rust design decisions, risk register, and upstream sync notes. - Includes strict backend Rust guardrails and integrates external guideline/reference documents. - Enables continuous synchronization with GitHub source repositories. - Supplies quick-start prompt patterns and resource mapping for smooth adoption.
元数据
Slug rust-rebuilder
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

rust-rebuilder 是什么?

Plan and execute incremental project rewrites to Rust with architecture mapping, parity verification, idiomatic Rust guidance, dependency preflight checks, a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 381 次。

如何安装 rust-rebuilder?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install rust-rebuilder」即可一键安装,无需额外配置。

rust-rebuilder 是免费的吗?

是的,rust-rebuilder 完全免费(开源免费),可自由下载、安装和使用。

rust-rebuilder 支持哪些平台?

rust-rebuilder 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 rust-rebuilder?

由 dandandujie(@dandandujie)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论