Claude Code Framework

v1.0.0

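Provides an agent execution framework based on Claude Code's core architecture, with pre-execution permission checks, context budget monitoring, and a pluggable hook mechanism.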

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The code files (handler, risk-classifier, context-budget, hook-manager) implement the described features (permission pre-checks, context budget, hook points). There are no unrelated env vars, binaries, or install actions requested. However the SKILL.md repeatedly claims the code is extracted from leaked Claude Code sources — a provenance/licensing concern that is outside technical coherence but important for risk/legal review.
Instruction Scope
SKILL.md instructions stay within the stated purpose (how to run the framework, commands, hooks, and examples). The hook system intentionally allows arbitrary handlers at many lifecycle points (pre_tool_call, pre_agent_spawn, pre_send_message, etc.), which is expected for a framework but grants broad ability to run custom logic; that increases the attack surface if untrusted handlers are registered. The core executor's executeTool is intentionally unimplemented (throws), meaning the framework itself is scaffolding and will not execute system tools until a host implements that method—this reduces immediate risk but also means a future implementer could wire it to powerful tool(s).
Install Mechanism
No install spec and no downloads; the skill is instruction/code-only. Nothing in the manifest performs remote installs or writes to disk during install, which is the lowest-risk install posture.
Credentials
The skill requests no environment variables or credentials (proportional). It does define rules that classify network, git, and exec operations (curl, wget, git push) as requiring approval; the framework itself does not request credentials but is designed to mediate operations that, when wired to real tool executors, may need external credentials. You should ensure any integrations (git, network, exec) are gated and that credentials are provided only to trusted executors.
Persistence & Privilege
always:false and no system-wide config paths are requested. The framework registers and executes hooks (its own internal state), but it does not modify other skills or system settings. Autonomous invocation is allowed by platform default — combined with the hook power this is a normal but important consideration (see user guidance).
Assessment
This skill is internally coherent and implements what it advertises, but review before enabling: 1) provenance/licensing: SKILL.md claims the code comes from a leaked Claude Code release — confirm legal/ethical sourcing before use; 2) hooks: the HookManager allows arbitrary handlers at many lifecycle points (including pre_agent_spawn and pre_send_message) — only register handlers you trust and audit their code/logging behavior; 3) executors: executeTool is unimplemented in the framework and a host will need to wire real executors (which may require credentials) — ensure those executors enforce approval flows for network/git/exec operations; 4) runtime risk: even though the framework doesn't request secrets, it is designed to gate high-risk actions (git push, curl, exec). If you plan to run this in production, audit the included TypeScript, remove or verify any references to external/proprietary sources, and restrict who can register hooks or change rules.

Like a lobster shell, security has layers — review code before you run it.


SKILL.md

Claude Code Framework Skill

Core architecture patterns extracted from the leaked Claude Code source, packaged as a reusable agent execution framework.


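Feature overview

This skill provides a complete agent execution framework that ensures every task follows Claude Code's best practices:

  1. Pre-execution permission checks: risk assessment before each tool call
  2. Context budget monitoring: keeps usage within the capacity limit
  3. Hook intervention points: insert custom logic at key points
  4. Precise execution: least privilege, explicit instructions, traceable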

Core mechanisms

1. Pre-execution permission check (on_tool_call)

A risk assessment runs automatically before every tool call:

interface ToolRiskAssessment {
  tool: string;           // Tool name
  args: any;             // Tool arguments
  risk: 'AUTO' | 'APPROVE' | 'BLOCK';
  reason: string;
  suggestion?: string;
}

// Built-in rules
const BUILTIN_RULES = {
  // Run directly (AUTO)
  auto: [
    'ls', 'dir', 'pwd', 'cat', 'type',
    'Get-ChildItem', 'Get-Content',
    'git status', 'git log', 'git diff',
    'search', 'read', 'memory_search'
  ],
  
  // Requires approval (APPROVE)
  approve: [
    'exec', 'write', 'edit', 'delete',
    'rm', 'del', 'curl', 'wget',
    'git push', 'git commit',
    'npm install', 'pip install'
  ],
  
  // Block outright (BLOCK)
  block: [
    'format', 'diskpart',
    'net user', 'reg delete',
    'curl.*--delete', 'wget.*--delete'
  ]
};
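
One way to evaluate rule lists like these safely, added here as an example and not taken from the skill's risk-classifier.ts. The names classify, matches, firstMatch and SHELL_META, the precedence order, and the fail-closed default are assumptions; the rule lists are abridged from the block above and the sample commands are constructed.

```typescript
type Risk = 'AUTO' | 'APPROVE' | 'BLOCK';
interface Decision { risk: Risk; reason: string }

// Abridged from BUILTIN_RULES above; entries are used as regex fragments
// because the block list already contains one ('curl.*--delete').
const RULES = {
  auto: ['ls', 'pwd', 'cat', 'git status', 'git log', 'git diff', 'read', 'search'],
  approve: ['exec', 'write', 'edit', 'rm', 'curl', 'wget', 'git push', 'npm install'],
  block: ['format', 'diskpart', 'net user', 'reg delete', 'curl.*--delete'],
};

// Assumption: chaining, piping, redirection or substitution always needs review.
const SHELL_META = /[;&|<>`\n]|\$\(/;

// Whole-word match so 'cat' does not match 'catalog'. Block rules are searched
// anywhere in the command; auto/approve rules only at its start.
function matches(rule: string, cmd: string, anywhere = false): boolean {
  const start = anywhere ? '(?:^|[\\s;&|])' : '^';
  return new RegExp(`${start}(?:${rule})(?=\\s|$)`, 'i').test(cmd);
}

function firstMatch(rules: string[], cmd: string, anywhere = false): string | undefined {
  for (const r of rules) if (matches(r, cmd, anywhere)) return r;
  return undefined;
}

function classify(command: string): Decision {
  const cmd = command.trim();
  // 1. BLOCK has the highest precedence.
  const blocked = firstMatch(RULES.block, cmd, true);
  if (blocked) return { risk: 'BLOCK', reason: `block rule '${blocked}'` };
  // 2. A compound command is never AUTO, even if it starts with an AUTO prefix.
  if (SHELL_META.test(cmd)) return { risk: 'APPROVE', reason: 'shell operator present' };
  const approve = firstMatch(RULES.approve, cmd);
  if (approve) return { risk: 'APPROVE', reason: `approve rule '${approve}'` };
  const auto = firstMatch(RULES.auto, cmd);
  if (auto) return { risk: 'AUTO', reason: `auto rule '${auto}'` };
  // 3. Fail closed: anything unrecognised goes to a human.
  return { risk: 'APPROVE', reason: 'no rule matched' };
}

// Constructed sample commands (not from the page).
const SAMPLES = ['git status', 'cat notes.txt; rm build.log', 'catalog --list', 'git log --format=oneline'];
function classifySamples(): Risk[] { return SAMPLES.map(c => classify(c).risk); }
```
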

2. Context budget monitoring

Capacity status is checked at the start of each task:

interface ContextBudget {
  percentage: number;    // Usage percentage
  used: number;          // Tokens used
  limit: number;         // Limit
  status: 'NORMAL' | 'WARNING' | 'CRITICAL' | 'BLOCKED';
  
  // Trigger thresholds
  thresholds: {
    warning: 0.80,    // 80% - Micro-compact
    critical: 0.90,   // 90% - Session-compact
    blocked: 0.98     // 98% - block new input
  };
}

// Budget check function (signature only)
declare function checkContextBudget(): Promise<ContextBudget>;

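3. Hook intervention points

Insert logic at key lifecycle points:

| Hook name | Trigger | Purpose |
|---|---|---|
| pre_task | Before the task starts | Permission check, context validation |
| pre_tool_call | Before a tool call | Risk assessment, argument validation |
| post_tool_call | After a tool call | Result handling, logging |
| on_error | When an error occurs | Error recovery, notification |
| post_task | After the task completes | Result summary, memory update |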
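
The scan above recommends restricting who can register hooks and auditing their behaviour. A minimal dispatcher that does both and fails closed on pre_* hooks, added here as an example and not taken from the skill's hook-manager.ts; GuardedHooks, the owner names, the Verdict shape and the sample handlers are assumptions.

```typescript
type HookName = 'pre_task' | 'pre_tool_call' | 'post_tool_call' | 'on_error' | 'post_task';
interface ToolCall { tool: string; args: unknown }
interface Verdict { allow: boolean; reason?: string }
type Handler = (call: ToolCall) => Verdict;

class GuardedHooks {
  private handlers: { [hook: string]: { owner: string; fn: Handler }[] } = {};
  private trusted: string[];
  audit: string[] = [];
  // Assumption: the host supplies the owners allowed to register handlers.
  constructor(trustedOwners: string[]) { this.trusted = trustedOwners; }

  register(hook: HookName, owner: string, fn: Handler): boolean {
    if (this.trusted.indexOf(owner) === -1) {
      this.audit.push(`rejected ${hook} handler from untrusted owner ${owner}`);
      return false;
    }
    (this.handlers[hook] = this.handlers[hook] || []).push({ owner, fn });
    return true;
  }

  // pre_* hooks gate the action: the first deny wins and a throwing handler is a deny.
  // Other hooks only observe: their failures are logged and never change the verdict.
  run(hook: HookName, call: ToolCall): Verdict {
    const gate = hook.indexOf('pre_') === 0;
    for (const { owner, fn } of this.handlers[hook] || []) {
      try {
        const v = fn(call);
        if (gate && !v.allow) {
          this.audit.push(`${hook}: ${owner} denied ${call.tool}: ${v.reason}`);
          return v;
        }
      } catch (err) {
        this.audit.push(`${hook}: handler from ${owner} threw: ${String(err)}`);
        if (gate) return { allow: false, reason: `handler ${owner} failed` };
      }
    }
    return { allow: true };
  }
}

// Constructed usage: one trusted policy owner, one rejected registration.
function hookDemo(): { hooks: GuardedHooks; results: boolean[] } {
  const hooks = new GuardedHooks(['policy']);
  hooks.register('pre_tool_call', 'policy', c =>
    c.tool === 'write' ? { allow: false, reason: 'read-only session' } : { allow: true });
  hooks.register('pre_tool_call', 'plugin-x', () => ({ allow: true })); // rejected
  hooks.register('post_tool_call', 'policy', () => { throw new Error('log sink down'); });
  const run = (h: HookName, tool: string) => hooks.run(h, { tool, args: {} }).allow;
  return { hooks, results: [run('pre_tool_call', 'read'), run('pre_tool_call', 'write'), run('post_tool_call', 'read')] };
}
```
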

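4. Precise execution mode

Modeled on Claude Code's six permission modes:

enum ExecutionMode {
  /** Default mode - requires approval */
  DEFAULT = 'default',
  
  /** Read-only mode - writes prohibited */
  READ_ONLY = 'read-only',
  
  /** Auto mode - the AI decides */
  AUTO = 'auto',
  
  /** Bypass mode - not recommended */
  BYPASS = 'bypass'
}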

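Usage

Method 1: Invoke at task start

User: "Help me write a Python script"

The agent automatically runs:
1. pre_task Hook → check permissions, validate context
2. Risk assessment → the exec tool requires APPROVE
3. Execute the task
4. post_task Hook → update memory, logs

Method 2: Trigger a check manually

User: "/claude-code check"

The agent runs:
- Context budget check
- Current permission mode
- Risk of recent tool calls
- Suggested optimizations

Method 3: Configure a specific mode

User: "Switch to READ_ONLY mode"
User: "Switch to AUTO mode"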

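Built-in commands

| Command | Description |
|---|---|
| /framework check | Check the current context budget and execution status |
| /framework mode <mode> | Switch the execution mode |
| /framework rules | View the current permission rules |
| /framework status | Show the framework status |
| /framework compact | Manually trigger context compaction |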

Configuration options

{
  "claudeCodeFramework": {
    "enabled": true,
    
    "execution": {
      "defaultMode": "DEFAULT",
      "autoCompactAt": 0.80,
      "blockAt": 0.98
    },
    
    "permissions": {
      "requireApprovalFor": ["exec", "write", "edit", "delete"],
      "autoAllow": ["read", "search", "memory_search", "ls", "dir"],
      "blockPatterns": ["format", "reg delete", "net user"]
    },
    
    "hooks": {
      "pre_task": { "enabled": true },
      "pre_tool_call": { "enabled": true },
      "post_tool_call": { "enabled": true },
      "on_error": { "enabled": true },
      "post_task": { "enabled": true }
    },
    
    "logging": {
      "enabled": true,
      "level": "info"
    }
  }
}

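Comparison with Claude Code

| Feature | Claude Code | This framework |
|---|---|---|
| Permission checks | BASH classifier | General risk assessment |
| Context compaction | Four levels | Configurable |
| Hook system | Built-in | Configurable |
| Execution modes | 6 | 4 |
| Multi-agent | Supported | Single agent |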

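Example flow

Task: read a file in the workspace

1. pre_task
   ✓ Permission check: the read tool is on the AUTO list
   ✓ Context check: 45% used, normal

2. pre_tool_call (read)
   ✓ Risk: AUTO
   ✓ Argument validation: path exists
   
3. Tool execution
   → File read successfully

4. post_tool_call
   ✓ Update the file cache
   ✓ Record the access log

5. post_task
   ✓ Task complete
   ✓ Update working memory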

File structure

skills/claude-code-framework/
├── SKILL.md              # This file
├── handler.ts           # Core handling logic
├── risk-classifier.ts    # Risk classifier
├── context-budget.ts     # Context budget
├── hook-manager.ts       # Hook manager
└── config.json           # Default configuration

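Extension suggestions

  1. Integrate OpenClaw's exec-approvals: use the existing exec approval system
  2. Add MCP tool support: extend the tool registry
  3. Multi-agent collaboration: implement sub-agent spawning
  4. Buddy pet system: add fun interactive elements

Based on an analysis of the leaked Claude Code v2.1.88 source, 2026-04-03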
