技能详情(站内镜像,无评论)
作者:Alireza Rezvani @alirezarezvani
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v2.1.1
统计:⭐ 2 · 2k · 16 current installs · 16 all-time installs
⭐ 2
安装量(当前) 16
🛡 VirusTotal :良性 · OpenClaw :良性
Package:alirezarezvani/senior-fullstack
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill's files, instructions, and requirements are coherent with its stated purpose (project scaffolding and local code-quality analysis); it runs local Python scripts and does not request extra credentials or install remote code, but you should avoid scanning or pointing it at sensitive system paths and review generated defaults (.env, secret placeholders) before use.
目的
Name/description match the included assets: SKILL.md documents scaffolding and analysis workflows and the package contains two Python scripts (project_scaffolder.py and code_quality_analyzer.py) plus reference guides. Nothing in the manifest requests unrelated credentials, binaries, or services.
说明范围
Runtime instructions tell the agent/user to run the included Python scripts against a given path (e.g., '.' or /path/to/project). That is expected for a scaffolder/analyzer, but both scripts read and write files under the given path. The analyzer will scan files (including .env/.env.example and config files) for secrets and security patterns — so running it against broad system paths (or root) could surface sensitive data. SKILL.md does not in…
安装机制
No install spec is provided; this is instruction-only and includes local Python scripts. No downloads, package installs, or third‑party install URLs are present in the manifest.
证书
The skill declares no required environment variables or credentials, which is proportionate. A minor issue: the scaffolder generates example config files containing default placeholders (e.g., DATABASE_URL with 'user:pass' and SECRET_KEY 'change-me-in-production') — convenient for bootstrapping but insecure if left in production. The analyzer searches for hardcoded secrets and other sensitive strings (expected), so be aware it will surface any…
持久
Skill is not forced-always and does not request elevated platform privileges. It does write scaffolded files into the output directory when used (expected) but does not modify other skills or system-wide configurations.
scripts/project_scaffolder.py:352
Environment variable access combined with network send.
综合结论
This skill appears to do what it says: generate project boilerplate and run a local code-quality/security scan. Before using it: (1) only point the analyzer at project directories you control (avoid /, /home, or system folders) because it reads files and can surface secrets; (2) inspect generated scaffold files and .env.example values and replace default placeholders (SECRET_KEY, DB credentials) before deploying; (3) treat analyzer output as a…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Senior Fullstack」。简介:Fullstack development toolkit with project scaffolding for Next.js, FastAPI, ME…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/alirezarezvani/senior-fullstack/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: "senior-fullstack"
description: Fullstack development toolkit with project scaffolding for Next.js, FastAPI, MERN, and Django stacks, code quality analysis with security and complexity scoring, and stack selection guidance. Use when the user asks to "scaffold a new project", "create a Next.js app", "set up FastAPI with React", "analyze code quality", "audit my codebase", "what stack should I use", "generate project boilerplate", or mentions fullstack development, project setup, or tech stack comparison.
---
# Senior Fullstack
Fullstack development skill with project scaffolding and code quality analysis tools.
---
## Table of Contents
- [Trigger Phrases](#trigger-phrases)
- [Tools](#tools)
- [Workflows](#workflows)
- [Reference Guides](#reference-guides)
---
## Trigger Phrases
Use this skill when you hear:
- "scaffold a new project"
- "create a Next.js app"
- "set up FastAPI with React"
- "analyze code quality"
- "check for security issues in codebase"
- "what stack should I use"
- "set up a fullstack project"
- "generate project boilerplate"
---
## Tools
### Project Scaffolder
Generates fullstack project structures with boilerplate code.
**Supported Templates:**
- `nextjs` - Next.js 14+ with App Router, TypeScript, Tailwind CSS
- `fastapi-react` - FastAPI backend + React frontend + PostgreSQL
- `mern` - MongoDB, Express, React, Node.js with TypeScript
- `django-react` - Django REST Framework + React frontend
**Usage:**
```bash
# List available templates
python scripts/project_scaffolder.py --list-templates
# Create Next.js project
python scripts/project_scaffolder.py nextjs my-app
# Create FastAPI + React project
python scripts/project_scaffolder.py fastapi-react my-api
# Create MERN stack project
python scripts/project_scaffolder.py mern my-project
# Create Django + React project
python scripts/project_scaffolder.py django-react my-app
# Specify output directory
python scripts/project_scaffolder.py nextjs my-app --output ./projects
# JSON output
python scripts/project_scaffolder.py nextjs my-app --json
```
**Parameters:**
| Parameter | Description |
|-----------|-------------|
| `template` | Template name (nextjs, fastapi-react, mern, django-react) |
| `project_name` | Name for the new project directory |
| `--output, -o` | Output directory (default: current directory) |
| `--list-templates, -l` | List all available templates |
| `--json` | Output in JSON format |
**Output includes:**
- Project structure with all necessary files
- Package configurations (package.json, requirements.txt)
- TypeScript configuration
- Docker and docker-compose setup
- Environment file templates
- Next steps for running the project
---
### Code Quality Analyzer
Analyzes fullstack codebases for quality issues.
**Analysis Categories:**
- Security vulnerabilities (hardcoded secrets, injection risks)
- Code complexity metrics (cyclomatic complexity, nesting depth)
- Dependency health (outdated packages, known CVEs)
- Test coverage estimation
- Documentation quality
**Usage:**
```bash
# Analyze current directory
python scripts/code_quality_analyzer.py .
# Analyze specific project
python scripts/code_quality_analyzer.py /path/to/project
# Verbose output with detailed findings
python scripts/code_quality_analyzer.py . --verbose
# JSON output
python scripts/code_quality_analyzer.py . --json
# Save report to file
python scripts/code_quality_analyzer.py . --output report.json
```
**Parameters:**
| Parameter | Description |
|-----------|-------------|
| `project_path` | Path to project directory (default: current directory) |
| `--verbose, -v` | Show detailed findings |
| `--json` | Output in JSON format |
| `--output, -o` | Write report to file |
**Output includes:**
- Overall score (0-100) with letter grade
- Security issues by severity (critical, high, medium, low)
- High complexity files
- Vulnerable dependencies with CVE references
- Test coverage estimate
- Documentation completeness
- Prioritized recommendations
**Sample Output:**
```
============================================================
CODE QUALITY ANALYSIS REPORT
============================================================
Overall Score: 75/100 (Grade: C)
Files Analyzed: 45
Total Lines: 12,500
--- SECURITY ---
Critical: 1
High: 2
Medium: 5
--- COMPLEXITY ---
Average Complexity: 8.5
High Complexity Files: 3
--- RECOMMENDATIONS ---
1. [P0] SECURITY
Issue: Potential hardcoded secret detected
Action: Remove or secure sensitive data at line 42
```
---
## Workflows
### Workflow 1: Start New Project
1. Choose appropriate stack based on requirements (see Stack Decision Matrix)
2. Scaffold project structure
3. Verify scaffold: confirm `package.json` (or `requirements.txt`) exists
4. Run initial quality check — address any P0 issues before proceeding
5. Set up development environment
```bash
# 1. Scaffold project
python scripts/project_scaffolder.py nextjs my-saas-app
# 2. Verify scaffold succeeded
ls my-saas-app/package.json
# 3. Navigate and install
cd my-saas-app
npm install
# 4. Configure environment
cp .env.example .env.local
# 5. Run quality check
python ../scripts/code_quality_analyzer.py .
# 6. Start development
npm run dev
```
### Workflow 2: Audit Existing Codebase
1. Run code quality analysis
2. Review security findings — fix all P0 (critical) issues immediately
3. Re-run analyzer to confirm P0 issues are resolved
4. Create tickets for P1/P2 issues
```bash
# 1. Full analysis
python scripts/code_quality_analyzer.py /path/to/project --verbose
# 2. Generate detailed report
python scripts/code_quality_analyzer.py /path/to/project --json --output audit.json
# 3. After fixing P0 issues, re-run to verify
python scripts/code_quality_analyzer.py /path/to/project --verbose
```
### Workflow 3: Stack Selection
Use the tech stack guide to evaluate options:
1. **SEO Required?** → Next.js with SSR
2. **API-heavy backend?** → Separate FastAPI or NestJS
3. **Real-time features?** → Add WebSocket layer
4. **Team expertise** → Match stack to team skills
See `references/tech_stack_guide.md` for detailed comparison.
---
## Reference Guides
### Architecture Patterns (`references/architecture_patterns.md`)
- Frontend component architecture (Atomic Design, Container/Presentational)
- Backend patterns (Clean Architecture, Repository Pattern)
- API design (REST conventions, GraphQL schema design)
- Database patterns (connection pooling, transactions, read replicas)
- Caching strategies (cache-aside, HTTP cache headers)
- Authentication architecture (JWT + refresh tokens, sessions)
### Development Workflows (`references/development_workflows.md`)
- Local development setup (Docker Compose, environment config)
- Git workflows (trunk-based, conventional commits)
- CI/CD pipelines (GitHub Actions examples)
- Testing strategies (unit, integration, E2E)
- Code review process (PR templates, checklists)
- Deployment strategies (blue-green, canary, feature flags)
- Monitoring and observability (logging, metrics, health checks)
### Tech Stack Guide (`references/tech_stack_guide.md`)
- Frontend frameworks comparison (Next.js, React+Vite, Vue)
- Backend frameworks (Express, Fastify, NestJS, FastAPI, Django)
- Database selection (PostgreSQL, MongoDB, Redis)
- ORMs (Prisma, Drizzle, SQLAlchemy)
- Authentication solutions (Auth.js, Clerk, custom JWT)
- Deployment platforms (Vercel, Railway, AWS)
- Stack recommendations by use case (MVP, SaaS, Enterprise)
---
## Quick Reference
### Stack Decision Matrix
| Requirement | Recommendation |
|-------------|---------------|
| SEO-critical site | Next.js with SSR |
| Internal dashboard | React + Vite |
| API-first backend | FastAPI or Fastify |
| Enterprise scale | NestJS + PostgreSQL |
| Rapid prototype | Next.js API routes |
| Document-heavy data | MongoDB |
| Complex queries | PostgreSQL |
### Common Issues
| Issue | Solution |
|-------|----------|
| N+1 queries | Use DataLoader or eager loading |
| Slow builds | Check bundle size, lazy load |
| Auth complexity | Use Auth.js or Clerk |
| Type errors | Enable strict mode in tsconfig |
| CORS issues | Configure middleware properly |