
polish-claw-project

pjt222
Updated 2 days ago

About

This skill provides a structured 9-step workflow for contributing security-focused code reviews and fixes to the OpenClaw ecosystem repositories. It emphasizes parallel auditing, false positive prevention, and cross-referencing findings with existing issues to identify high-impact changes. Use it when you want to systematically audit and submit pull requests to projects like NVIDIA/OpenClaw or NVIDIA/NemoClaw.

Quick install

Claude Code

Recommended
Primary method
npx skills add pjt222/agent-almanac -a claude-code
Plugin command (alternative)
/plugin add https://github.com/pjt222/agent-almanac
Git clone (alternative)
git clone https://github.com/pjt222/agent-almanac.git ~/.claude/skills/polish-claw-project

Copy and paste this command into Claude Code to install the skill

Skill documentation

Polish Claw Project

Structured workflow for OpenClaw ecosystem contributions. Novel value: Steps 5-7 — parallel audit, false positive prevention, cross-ref findings vs open issues → high-impact picks. Mechanical steps (fork, PR) → existing skills.

Use When

  • Contribute to NVIDIA/OpenClaw, NVIDIA/NemoClaw, NVIDIA/NanoClaw, similar Claw repos
  • First-time contributions to unfamiliar OSS w/ security-sensitive arch
  • Want repeatable auditable workflow vs ad-hoc fixes
  • Found Claw project accepting external contributions (check CONTRIBUTING.md)

In

  • Required: repo_url — GitHub URL of target Claw project (e.g., https://github.com/NVIDIA/NemoClaw)
  • Optional:
    • contribution_count — n contributions (default: 1-3)
    • focus — security, tests, docs, bugs, any (default: any)
    • fork_org — fork target org/user (default: authenticated user)

Do

Step 1: Identify + Verify Target

Confirm project accepts external + actively maintained.

  1. Read CONTRIBUTING.md, CODE_OF_CONDUCT.md, LICENSE
  2. Check recent commit activity (last 30 days) + open PR merge rate
  3. Verify permissive or contribution-friendly license
  4. Read SECURITY.md if present → note disclosure rules
  5. Identify primary language, test framework, CI

→ CONTRIBUTING.md exists, commits w/in 30 days, clear contribution guidelines.

If err: no CONTRIBUTING.md or no recent activity → doc why + stop. Stale projects rarely merge external PRs.

Step 2: Fork + Clone

Working copy of repo.

  1. Fork: gh repo fork <repo_url> --clone
  2. Upstream remote: git remote add upstream <repo_url>
  3. Verify: git remote -v shows origin (fork) + upstream
  4. Sync: git fetch upstream && git checkout main && git merge upstream/main

→ Local clone w/ both remotes configured + up to date.

If err: fork fails → check gh auth status. Slow clone → --depth=1 for initial explore.

Step 3: Explore Codebase

Build mental model of arch.

  1. Read README.md for arch overview + goals
  2. ID entry points, core modules, public API surface
  3. Map test structure: where tests, framework, coverage
  4. Note style conventions: linter config, naming, import style
  5. Check Docker/container, CI config, deployment patterns

→ Clear understanding of structure, conventions, where contributions fit.

If err: arch unclear → focus on subsystem not whole project.

Step 4: Read Open Issues

Survey issues → understand needs + avoid duplicate work.

  1. List: gh issue list --state open --limit 50
  2. Categorize: bugs, features, docs, security, good-first-issue
  3. Note help wanted, good first issue, hacktoberfest labels
  4. Stale issues (>90 days, no recent comments) → may be abandoned
  5. Read linked PRs → understand attempted solutions

→ Categorized unclaimed issues w/ type labels.

If err: no open issues → Step 5, audit may uncover unlisted improvements.

Step 5: Parallel Audit

Run security + quality audits in parallel. Where novel findings emerge.

  1. Run security-audit-codebase against project root
  2. Simultaneously run review-codebase w/ scope quality
  3. Critical: verify each finding vs project's threat model + arch
    • "Hardcoded secret" in sandbox bootstrap = not vuln
    • Missing input validation on internal-only fn = low severity
    • Dep flagged vulnerable may already be mitigated by arch
  4. Rate verified: CRITICAL, HIGH, MEDIUM, LOW
  5. Doc false positives w/ reasoning → informs Pitfalls for future runs

→ Verified findings list w/ severity + false positive annotations.

If err: no findings → shift to test coverage gaps, docs, dev experience.

Step 6: Cross-Reference Findings

Map verified findings → open issues. Core judgment step.

  1. Per finding, search open issues for related discussions
  2. Categorize:
    • Matches open issue — link finding to issue
    • New finding — no existing issue
    • Already fixed in PR — check open PRs for in-progress fixes
  3. Prioritize matching issues (highest merge prob)
  4. New findings → assess if maintainers welcome based on priorities

→ Prioritized list w/ finding-to-issue map + merge prob assessment.

If err: all findings already addressed → return Step 4, look for docs, tests, dev experience.

Step 7: Select Contributions

Pick 1-3 by impact, effort, expertise.

  1. Score each:
    • Impact: Improvement? (security > bugs > tests > docs)
    • Effort: Done well in focused session? (prefer small complete PRs)
    • Expertise: Domain knowledge?
    • Merge prob: Matches stated priorities?
  2. Pick top (default 1-3)
  3. Per: branch name, scope boundary, acceptance criteria, test plan

→ 1-3 selected contributions w/ clear scope + acceptance criteria.

If err: nothing scores well → file well-written issues instead of PRs.
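
Steps 6 and 7 as an added example (not part of the skill or the agent-almanac repository): verified findings are matched to open issues and PRs by title keyword overlap, then ranked. The overlap threshold, the score weights, the field names and every sample record are assumptions constructed for illustration.

```python
import re

# Impact order from Step 7: security > bugs > tests > docs.
IMPACT = {"security": 4, "bugs": 3, "tests": 2, "docs": 1}
STOPWORDS = {"the", "and", "for", "not", "with"}

def tokens(text):
    """Keyword set used for the finding/issue title overlap match."""
    words = re.findall(r"[a-z0-9_]+", text.lower())
    return {w for w in words if len(w) > 2 and w not in STOPWORDS}

def cross_reference(finding, issues, prs, min_overlap=2):
    """Step 6: classify a finding against open PRs first, then open issues."""
    words = tokens(finding["title"])
    for pr in prs:
        if len(words & tokens(pr["title"])) >= min_overlap:
            return "already_fixed_in_pr", pr["number"]
    best = max(issues, key=lambda i: len(words & tokens(i["title"])), default=None)
    if best and len(words & tokens(best["title"])) >= min_overlap:
        return "matches_open_issue", best["number"]
    return "new_finding", None

def select(findings, issues, prs, count=3):
    """Step 7: drop false positives and in-progress fixes, rank the rest."""
    ranked = []
    for f in findings:
        if f.get("false_positive"):
            continue  # documented in Step 5, never submitted
        status, ref = cross_reference(f, issues, prs)
        if status == "already_fixed_in_pr":
            continue
        # Assumed weights: impact dominates, an open-issue match adds merge
        # probability, effort (1 = small, 3 = large) favours small complete PRs.
        bonus = 3 if status == "matches_open_issue" else 0
        ranked.append((2 * IMPACT[f["type"]] + bonus - f["effort"], f["id"], status, ref))
    return sorted(ranked, key=lambda r: (-r[0], r[1]))[:count]

# Constructed sample data (not findings against any real repository).
# Issue/PR records use the fields returned by `gh issue list --json number,title`.
FINDINGS = [
    {"id": "F1", "title": "Hardcoded secret in sandbox bootstrap", "type": "security", "effort": 1, "false_positive": True},
    {"id": "F2", "title": "Missing input validation on config loader", "type": "security", "effort": 2},
    {"id": "F3", "title": "No tests for digest verification chain", "type": "tests", "effort": 1},
    {"id": "F4", "title": "Vulnerable dependency pinned in requirements", "type": "security", "effort": 1},
    {"id": "F5", "title": "README install steps outdated", "type": "docs", "effort": 1},
]
ISSUES = [{"number": 101, "title": "Config loader lacks input validation"},
          {"number": 102, "title": "Add tests for digest verification"}]
PRS = [{"number": 201, "title": "Bump vulnerable dependency in requirements"}]
```

Title overlap only narrows the search; each proposed match still needs a read of the issue thread before it is linked in a PR.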

Step 8: Implement

Branch per contribution + implement fix.

  1. Per contribution: git checkout -b fix/<description>
  2. Follow conventions exactly (linter, naming, imports)
  3. Add/update tests covering change
  4. Run test suite → verify all pass
  5. Run linter → verify no new warnings
  6. Keep PR focused — one logical change per branch

→ Clean impl w/ passing tests + no linter warnings.

If err: tests fail on pre-existing issues → doc them, ensure PR doesn't introduce new failures.

Step 9: Create PRs

Submit per CONTRIBUTING.md.

  1. Push: git push origin fix/<description>
  2. PR via create-pull-request skill
  3. Ref related issue in body ("Fixes #123")
  4. Follow PR template if exists
  5. Responsive to reviewer feedback → iterate quickly

→ PRs created, linked to issues, following conventions.

If err: PR create fails → check branch protection + CLA.

Check

  1. All selected contributions impl + submitted as PRs
  2. Each PR refs related issue (if exists)
  3. All project tests pass on each PR branch
  4. No false positives submitted as real issues
  5. PR descriptions follow CONTRIBUTING.md template

Traps

  • False positive overclaim: Claw uses sandbox arch — "vuln" inside sandbox may be by design. Verify vs threat model before reporting.
  • Digest/signature chain disruption: Claw uses verification chains for model integrity. Changes must preserve or PR rejected.
  • Convention mismatch: Claw enforces strict style. Run project's own linter, not generic. Match imports, docstrings, test patterns exactly.
  • Scope creep: 3 focused PRs merge faster than 1 sprawling. Keep atomic.
  • Stale fork: Always sync upstream before work (git fetch upstream && git merge upstream/main).

GitHub repository

pjt222/agent-almanac
Path: i18n/caveman-ultra/skills/polish-claw-project