Total downloads: 67
Favorites: 1
Current installs: 0
Versions: 1
Install in OpenClaw
/install sen-dev-patterns
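Description
Personal development productivity Skill - captures page layouts, styling, code modules, an algorithm library, and pitfall notes. Suited to situations where the user needs to reuse personal development experience, follow unified conventions, or call established calculation definitions or modules.
Security usage advice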
This skill is mainly a collection of docs, templates and helper scripts and appears legitimate for its stated purpose. However the included publisher scripts will try to find GitHub/Gitee tokens automatically (environment variables, VSCode storage, git credential helper) and then set git remotes that embed those tokens before pushing. Before running any publish script:
1) Inspect publish_skill.py and publish_gitee.py yourself to confirm you understand what they do.
2) Prefer to provide a token explicitly (as an environment variable you control) rather than letting the script hunt for stored credentials.
3) If you run the scripts, check .git/config afterwards and remove any remote URLs containing tokens; rotate any tokens that were embedded.
4) Only run these scripts in a trusted environment (or a copy/clone of the repo) and avoid running them if you don't want tools to access your IDE or git credential storage.
5) If you want publishing convenience without risk, manually create repos and push using your normal git tooling instead of running the automated scripts.
Functional analysis
Type: OpenClaw Skill
Name: sen-dev-patterns
Version: 0.1.0
The bundle contains publishing scripts (publish_skill.py and publish_gitee.py) that exhibit high-risk behaviors, including an intrusive credential discovery mechanism that searches for GitHub tokens in environment variables, Git credentials, and VSCode's internal global storage (%APPDATA%\Code\User\globalStorage\github-auth-token). Furthermore, these scripts contain hardcoded usernames ('sinadook' and 'the13ai') in API check endpoints and Git remote URLs, which could lead to code being pushed to unintended accounts if executed. While these scripts are framed as repository management utilities, the automated harvesting of sensitive tokens combined with hardcoded target accounts is highly irregular and poses a significant security risk.
Capability assessment
Purpose & Capability
The skill is a personal development-patterns library (UI, algorithms, templates). Having helper scripts to publish the repo (publish_skill.py, publish_gitee.py) is coherent with the developer workflow and with the SKILL.md/PUBLISH_GUIDE. However the publishing scripts implement automated credential discovery (VSCode storage, git credential helper) which is more intrusive than simply asking the user for an explicit token.
Instruction Scope
SKILL.md lists only benign usage (init templates, reuse algorithms). It does instruct running publisher scripts in PUBLISH_GUIDE, but does not explicitly warn that those scripts will search local credential stores and change git remotes. The publish scripts contain logic to read environment variables, inspect VSCode globalStorage, call 'git credential fill', and then set git remotes embedding tokens — actions outside the narrow scope of 'read docs / generate templates' and which may access or persist credentials unexpectedly.
Install Mechanism
No remote install/downloads are used (instruction-only + bundled scripts), so there's no external download risk. However the package includes executable Python scripts that will run on the user's machine if executed; that local execution capability increases risk compared with pure-doc skills.
Credentials
The skill declares no required env vars, yet publisher scripts will read GITHUB_TOKEN/GH_TOKEN/GITHUB_PERSONAL_ACCESS_TOKEN and will search VSCode state and the git credential helper for tokens. For a publishing convenience script this may be intended, but it is disproportionate for a 'patterns' skill to proactively harvest local credentials rather than explicitly asking the user to supply them. This behavior can expose sensitive tokens from unrelated locations.
Persistence & Privilege
publish_gitee.py and publish_skill.py modify git remotes by embedding credentials into remote URLs (e.g. https://username:[email protected]/...). That change is persistent (written into .git/config or remote settings) and can leak tokens to logs, config files, or other tooling. The skill does not request 'always: true', but the scripts still cause lasting changes to repository configuration if executed.
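How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: /install sen-dev-patterns
- Once installation completes, call the Skill by name or use /sen-dev-patterns to trigger it.
- Provide the required input according to the Skill's parameter description to get structured output.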
Version history
v0.1.0
Initial release with comprehensive personal development patterns, UI standards, code modules, and project structuring guidelines.
- Provides a structured repository for UI design, code modules, algorithm recipes, and pitfalls documentation.
- Includes standard principles to maintain code stability and transparency.
- Offers cross-platform UI style templates for Python (desktop, Tkinter, and Web), consistent color palette, and modular project directory recommendations.
- Adds reusable code snippets and scripts to streamline module creation.
- Suitable for rapid reuse and consistency across personal projects.
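FAQ
What is Sen Dev Patterns?
Personal development productivity Skill - captures page layouts, styling, code modules, an algorithm library, and pitfall notes. Suited to situations where the user needs to reuse personal development experience, follow unified conventions, or call established calculation definitions or modules. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 67 cumulative downloads so far.
How do I install Sen Dev Patterns?
Run the command "/install sen-dev-patterns" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is Sen Dev Patterns free?
Yes, Sen Dev Patterns is completely free under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Sen Dev Patterns support?
Sen Dev Patterns runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Sen Dev Patterns?
Developed and maintained by the13ai (@the13ai); the current version is v0.1.0.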