ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vela Dev

v1.0.0

Build, edit, debug, and package Xiaomi Vela JS quick apps for wearable devices such as Xiaomi Band 10. Use when the user asks to create a Vela 快应用, modify `....

0· 93·0 current·0 all-time
by@tlrenhb

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tlrenhb/vela-dev.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Vela Dev" (tlrenhb/vela-dev) from ClawHub.
Skill page: https://clawhub.ai/tlrenhb/vela-dev
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install vela-dev

ClawHub CLI

Package manager switcher

npx clawhub@latest install vela-dev
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is for creating and building Xiaomi Vela apps and includes a template package.json and repeated instructions to run `npx aiot build`. However the skill's metadata claims no required binaries or environment dependencies. In practice the workflow requires Node/npm (npx) and the aiot-toolkit (npm package) to be available — this mismatch is an unexplained omission.
Instruction Scope
SKILL.md stays within the stated purpose: scaffolding files, editing `.ux` pages, running builds, reading local reference files, and consulting official docs. It does not instruct reading unrelated system files or exfiltrating data, nor does it demand unrelated credentials.
Install Mechanism
This is an instruction-only skill (no install spec). Included assets contain a template package.json that references a public npm devDependency (`aiot-toolkit`), which is expected for the described build workflow. No downloads from untrusted URLs or extract/install steps are specified by the skill itself.
Credentials
The skill requests no environment variables or credentials and the instructions do not reference secrets. The set of included files and referenced docs are proportional to the stated goal.
Persistence & Privilege
The skill does not request persistent presence (always=false), does not modify other skills or global agent settings, and allows normal user invocation/autonomous invocation per platform defaults.
What to consider before installing
This skill appears to do what it claims — scaffold, build, and debug Xiaomi Vela quick apps — but note a small inconsistency: it instructs you to run `npx aiot build` yet does not declare Node/npm/npx as required tools. Before using it, ensure you have Node.js and npm (so npx works) and that you understand running build/install commands on your machine. If you install dependencies (npm install), be aware that npm packages can run install scripts; verify the `aiot-toolkit` package is from a trusted source and inspect package.json in the template. Review any commands the assistant suggests before executing them, and avoid pasting or running remote scripts you don't trust. If you need higher assurance, ask the skill author how they expect build tooling to be provided (local Node vs. container) or request they declare required binaries in the skill metadata.

Like a lobster shell, security has layers — review code before you run it.

latestvk977excfdx8rtdg32zmryp2t8583sxr4
93downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@tlrenhb
latest
Download

Vela Dev

Use this skill when working on Xiaomi Vela JS wearable quick apps.

What this skill is for

  • Create a new Vela quick app from scratch
  • Edit existing .ux pages
  • Fix build errors from npx aiot build
  • Adapt UI for Xiaomi Band / Watch screens
  • Package an .rpk for delivery

Workflow

  1. Identify whether the user wants a new app or edits to an existing Vela project.
  2. If new, scaffold the minimum required files:
    • src/manifest.json
    • src/app.ux
    • src/config-watch.json
    • at least one page like src/pages/<name>/index.ux
  3. Prefer a single-page app with internal state switching unless the app clearly benefits from router-based multi-page navigation.
  4. Build with:
    • cd <project> && npx aiot build
  5. If build fails, inspect the exact error and patch surgically.
  6. Only send/package the .rpk after a successful build.

Xiaomi Band / Vela constraints

Read references/vela-notes.md when you need practical constraints and common fixes.

Important defaults:

  • Xiaomi Band 10 uses a 212x520 跑道屏 style layout.
  • Frontend apps should feel foreground-first: quick open, quick action, quick exit.
  • Avoid overstuffed home screens. Prefer vertical lists/cards.
  • Symbol glyph buttons like may not render reliably on device; prefer plain Chinese text.
  • When in doubt, choose larger touch targets and fewer simultaneous actions.

Build/debug loop

After each meaningful edit:

  • Run npx aiot build
  • If needed, filter logs with grep for success|error|Error
  • Fix the reported file/line first before changing anything else

Common failure classes are documented in references/vela-notes.md.

Event/style rules

Read references/ux-gotchas.md when build errors point to template/event/CSS issues.

Key reminders:

  • Vela event handlers are strict; avoid unsupported template expression forms in onclick
  • Broken CSS blocks can produce UxLoader / Unexpected }
  • Prefer simple, explicit structure over clever templating

Project template

If the user asks for a fresh app, copy or adapt files from assets/template/.

Deliverables

Typical successful output includes:

  • working project folder
  • successful npx aiot build
  • generated .rpk path from dist/

When to read extra files

  • For practical Vela constraints and prior lessons: read references/vela-notes.md
  • For template/event/style pitfalls: read references/ux-gotchas.md
  • For official documentation entry points and what to consult: read references/docs-map.md
  • For a reusable end-to-end implementation/debug loop: read references/dev-workflow.md
  • For fresh project scaffolding: inspect assets/template/

Documentation-backed behavior

When you need authoritative confirmation:

  1. Start with references/docs-map.md
  2. Open the matching official doc page
  3. Apply the smallest viable change
  4. Rebuild immediately

Prefer official docs for:

  • component capability questions
  • feature API availability
  • project structure uncertainty
  • framework/lifecycle questions

Prefer local reference notes for:

  • previously observed build pitfalls
  • Band 10-specific practical constraints
  • project patterns that already worked here

Comments

Loading comments...