polish-claw-project

pjt222

Actualizado Yesterday

6 vistas

Metaautomation

Acerca de

Esta habilidad proporciona un flujo de trabajo estructurado de 9 pasos para contribuir con revisiones de código centradas en seguridad y correcciones a los repositorios del ecosistema OpenClaw. Enfatiza la auditoría paralela, la prevención de falsos positivos y la contrastación de hallazgos con incidencias existentes para identificar cambios de alto impacto. Úsala cuando desees auditar sistemáticamente y enviar solicitudes de extracción a proyectos como NVIDIA/OpenClaw o NVIDIA/NemoClaw.

Instalación rápida

Claude Code

Recomendado

Principal

npx skills add pjt222/agent-almanac -a claude-code

Comando PluginAlternativo

/plugin add https://github.com/pjt222/agent-almanac

Git CloneAlternativo

git clone https://github.com/pjt222/agent-almanac.git ~/.claude/skills/polish-claw-project

Copia y pega este comando en Claude Code para instalar esta habilidad

Documentación

Polish Claw Project

Structured workflow for OpenClaw ecosystem contributions. Novel value: Steps 5-7 — parallel audit, false positive prevention, cross-ref findings vs open issues → high-impact picks. Mechanical steps (fork, PR) → existing skills.

Use When

Contribute to NVIDIA/OpenClaw, NVIDIA/NemoClaw, NVIDIA/NanoClaw, similar Claw repos
First-time contributions to unfamiliar OSS w/ security-sensitive arch
Want repeatable auditable workflow vs ad-hoc fixes
Found Claw project accepting external contributions (check CONTRIBUTING.md)

In

Required: repo_url — GitHub URL of target Claw project (e.g., https://github.com/NVIDIA/NemoClaw)
Optional:
- contribution_count — n contributions (default: 1-3)
- focus — security, tests, docs, bugs, any (default: any)
- fork_org — fork target org/user (default: authenticated user)

Do

Step 1: Identify + Verify Target

Confirm project accepts external + actively maintained.

Read CONTRIBUTING.md, CODE_OF_CONDUCT.md, LICENSE
Check recent commit activity (last 30 days) + open PR merge rate
Verify permissive or contribution-friendly license
Read SECURITY.md if present → note disclosure rules
Identify primary language, test framework, CI

→ CONTRIBUTING.md exists, commits w/in 30 days, clear contribution guidelines.

If err: no CONTRIBUTING.md or no recent activity → doc why + stop. Stale projects rarely merge external PRs.

Step 2: Fork + Clone

Working copy of repo.

Fork: gh repo fork <repo_url> --clone
Upstream remote: git remote add upstream <repo_url>
Verify: git remote -v shows origin (fork) + upstream
Sync: git fetch upstream && git checkout main && git merge upstream/main

→ Local clone w/ both remotes configured + up to date.

If err: fork fails → check gh auth status. Slow clone → --depth=1 for initial explore.

Step 3: Explore Codebase

Build mental model of arch.

Read README.md for arch overview + goals
ID entry points, core modules, public API surface
Map test structure: where tests, framework, coverage
Note style conventions: linter config, naming, import style
Check Docker/container, CI config, deployment patterns

→ Clear understanding of structure, conventions, where contributions fit.

If err: arch unclear → focus on subsystem not whole project.

Step 4: Read Open Issues

Survey issues → understand needs + avoid duplicate work.

List: gh issue list --state open --limit 50
Categorize: bugs, features, docs, security, good-first-issue
Note help wanted, good first issue, hacktoberfest labels
Stale issues (>90 days, no recent comments) → may be abandoned
Read linked PRs → understand attempted solutions

→ Categorized unclaimed issues w/ type labels.

If err: no open issues → Step 5, audit may uncover unlisted improvements.

Step 5: Parallel Audit

Run security + quality audits in parallel. Where novel findings emerge.

Run security-audit-codebase against project root
Simultaneously run review-codebase w/ scope quality
Critical: verify each finding vs project's threat model + arch
- "Hardcoded secret" in sandbox bootstrap = not vuln
- Missing input validation on internal-only fn = low severity
- Dep flagged vulnerable may already be mitigated by arch
Rate verified: CRITICAL, HIGH, MEDIUM, LOW
Doc false positives w/ reasoning → informs Pitfalls for future runs

→ Verified findings list w/ severity + false positive annotations.

If err: no findings → shift to test coverage gaps, docs, dev experience.

Step 6: Cross-Reference Findings

Map verified findings → open issues. Core judgment step.

Per finding, search open issues for related discussions
Categorize:
- Matches open issue — link finding to issue
- New finding — no existing issue
- Already fixed in PR — check open PRs for in-progress fixes
Prioritize matching issues (highest merge prob)
New findings → assess if maintainers welcome based on priorities

→ Prioritized list w/ finding-to-issue map + merge prob assessment.

If err: all findings already addressed → return Step 4, look for docs, tests, dev experience.

Step 7: Select Contributions

Pick 1-3 by impact, effort, expertise.

Score each:
- Impact: Improvement? (security > bugs > tests > docs)
- Effort: Done well in focused session? (prefer small complete PRs)
- Expertise: Domain knowledge?
- Merge prob: Matches stated priorities?
Pick top (default 1-3)
Per: branch name, scope boundary, acceptance criteria, test plan

→ 1-3 selected contributions w/ clear scope + acceptance criteria.

If err: nothing scores well → file well-written issues instead of PRs.

Step 8: Implement

Branch per contribution + implement fix.

Per contribution: git checkout -b fix/<description>
Follow conventions exactly (linter, naming, imports)
Add/update tests covering change
Run test suite → verify all pass
Run linter → verify no new warnings
Keep PR focused — one logical change per branch

→ Clean impl w/ passing tests + no linter warnings.

If err: tests fail on pre-existing issues → doc them, ensure PR doesn't introduce new failures.

Step 9: Create PRs

Submit per CONTRIBUTING.md.

Push: git push origin fix/<description>
PR via create-pull-request skill
Ref related issue in body ("Fixes #123")
Follow PR template if exists
Responsive to reviewer feedback → iterate quickly

→ PRs created, linked to issues, following conventions.

If err: PR create fails → check branch protection + CLA.

Check

All selected contributions impl + submitted as PRs
Each PR refs related issue (if exists)
All project tests pass on each PR branch
No false positives submitted as real issues
PR descriptions follow CONTRIBUTING.md template

Traps

False positive overclaim: Claw uses sandbox arch — "vuln" inside sandbox may be by design. Verify vs threat model before reporting.
Digest/signature chain disruption: Claw uses verification chains for model integrity. Changes must preserve or PR rejected.
Convention mismatch: Claw enforces strict style. Run project's own linter, not generic. Match imports, docstrings, test patterns exactly.
Scope creep: 3 focused PRs merge faster than 1 sprawling. Keep atomic.
Stale fork: Always sync upstream before work (git fetch upstream && git merge upstream/main).

→

security-audit-codebase — used in Step 5 for security findings
review-codebase — used in Step 5 for quality review
create-pull-request — used in Step 9 for PR create
create-github-issues — file issues from findings not addressed as PRs
manage-git-branches — branch mgmt during impl
commit-changes — commit workflow

Repositorio GitHub

pjt222/agent-almanac

Ruta: i18n/caveman-ultra/skills/polish-claw-project

agentsagentskillsai-assisted-developmentclaude-codeskillsteams

Habilidades relacionadas

content-collections

Meta

Esta habilidad proporciona una configuración probada en producción para Content Collections, una herramienta centrada en TypeScript que transforma archivos Markdown/MDX en colecciones de datos con tipado seguro mediante validación Zod. Úsala al construir blogs, sitios de documentación o aplicaciones Vite + React con mucho contenido para garantizar seguridad de tipos y validación automática de contenido. Abarca todo, desde la configuración del plugin de Vite y compilación MDX hasta la optimización de despliegue y validación de esquemas.

Ver habilidad

polymarket

Meta

Esta habilidad permite a los desarrolladores crear aplicaciones con la plataforma de mercados de predicción Polymarket, incluyendo la integración de API para operaciones y datos de mercado. También proporciona transmisión de datos en tiempo real a través de WebSocket para monitorear operaciones en vivo y actividad del mercado. Úsela para implementar estrategias de trading o crear herramientas que procesen actualizaciones de mercado en tiempo real.

Ver habilidad

creating-opencode-plugins

Meta

Esta habilidad ayuda a los desarrolladores a crear complementos de OpenCode que se conectan a más de 25 tipos de eventos, como comandos, archivos y operaciones LSP. Proporciona la estructura del complemento, las especificaciones de la API de eventos y los patrones de implementación para módulos en JavaScript/TypeScript. Úsala cuando necesites interceptar, monitorear o extender el ciclo de vida del asistente de IA de OpenCode con lógica personalizada basada en eventos.

Ver habilidad

sglang

Meta

SGLang es un framework de alto rendimiento para el servicio de LLM que se especializa en generación rápida y estructurada para JSON, expresiones regulares y flujos de trabajo de agentes utilizando su caché de prefijos RadixAttention. Ofrece una inferencia significativamente más rápida, especialmente para tareas con prefijos repetidos, lo que lo hace ideal para salidas complejas y estructuradas, y conversaciones multiturno. Elige SGLang sobre alternativas como vLLM cuando necesites decodificación restringida o estés construyendo aplicaciones con uso extensivo de prefijos compartidos.

Ver habilidad