Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sen Dev Patterns

v0.1.0

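Personal development productivity skill: a curated collection of page layouts, style conventions, code modules, an algorithm library, and pitfall records. Suited to cases where the user needs to reuse personal development experience, follow unified conventions, or call established calculation definitions or modules.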

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for the13ai/sen-dev-patterns.

Install the skill "Sen Dev Patterns" (the13ai/sen-dev-patterns) from ClawHub.
Skill page: https://clawhub.ai/the13ai/sen-dev-patterns
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sen-dev-patterns

ClawHub CLI

npx clawhub@latest install sen-dev-patterns

Security Scan

Capability signals

Requires OAuth token · Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious

OpenClaw: Suspicious (high confidence)

Purpose & Capability
The skill is a personal development-patterns library (UI, algorithms, templates). Having helper scripts to publish the repo (publish_skill.py, publish_gitee.py) is coherent with the developer workflow and with the SKILL.md/PUBLISH_GUIDE. However the publishing scripts implement automated credential discovery (VSCode storage, git credential helper) which is more intrusive than simply asking the user for an explicit token.
!
Instruction Scope
SKILL.md lists only benign usage (init templates, reuse algorithms). It does instruct running publisher scripts in PUBLISH_GUIDE, but does not explicitly warn that those scripts will search local credential stores and change git remotes. The publish scripts contain logic to read environment variables, inspect VSCode globalStorage, call 'git credential fill', and then set git remotes embedding tokens — actions outside the narrow scope of 'read docs / generate templates' and which may access or persist credentials unexpectedly.
Install Mechanism
No remote install/downloads are used (instruction-only + bundled scripts), so there's no external download risk. However the package includes executable Python scripts that will run on the user's machine if executed; that local execution capability increases risk compared with pure-doc skills.
!
Credentials
The skill declares no required env vars, yet publisher scripts will read GITHUB_TOKEN/GH_TOKEN/GITHUB_PERSONAL_ACCESS_TOKEN and will search VSCode state and the git credential helper for tokens. For a publishing convenience script this may be intended, but it is disproportionate for a 'patterns' skill to proactively harvest local credentials rather than explicitly asking the user to supply them. This behavior can expose sensitive tokens from unrelated locations.
!
Persistence & Privilege
publish_gitee.py and publish_skill.py modify git remotes by embedding credentials into remote URLs (e.g. https://username:token@github.com/...). That change is persistent (written into .git/config or remote settings) and can leak tokens to logs, config files, or other tooling. The skill does not request 'always: true', but the scripts still cause lasting changes to repository configuration if executed.
Scan Findings in Context
[reads-vscode-globalstorage] unexpected: publish_skill.py checks a hardcoded VSCode globalStorage path for GitHub tokens. While convenient for automation, scanning IDE state for tokens is intrusive and not necessary if the script simply asked the user to provide a token.
[uses-git-credential-fill] unexpected: The script runs 'git credential fill' and parses the output to try to extract credentials. This attempts to recover stored credentials from the git credential helper and is beyond what the SKILL.md describes; it's surprising behavior for a repo-of-patterns.
[embeds-token-in-remote-url] expected: The scripts construct remote URLs containing username:token@host to allow non-interactive git push. That is a known method to push without interactive auth, but it's insecure because it persists tokens in git config and can leak to logs or process listings. It's expected for automated publishing but should be used cautiously and with clear user consent.
[subprocess-git-push] expected: Scripts call subprocess to run git commands (remote add/set-url, git push). This is expected for a publish script but combined with automatic credential harvesting and URL embedding increases risk.
What to consider before installing
This skill is mainly a collection of docs, templates and helper scripts and appears legitimate for its stated purpose. However the included publisher scripts will try to find GitHub/Gitee tokens automatically (environment variables, VSCode storage, git credential helper) and then set git remotes that embed those tokens before pushing. Before running any publish script:

1) Inspect publish_skill.py and publish_gitee.py yourself to confirm you understand what they do.
2) Prefer to provide a token explicitly (as an environment variable you control) rather than letting the script hunt for stored credentials.
3) If you run the scripts, check .git/config afterwards and remove any remote URLs containing tokens; rotate any tokens that were embedded.
4) Only run these scripts in a trusted environment (or a copy/clone of the repo) and avoid running them if you don't want tools to access your IDE or git credential storage.
5) If you want publishing convenience without risk, manually create repos and push using your normal git tooling instead of running the automated scripts.
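
The advice above to check .git/config for remote URLs containing tokens can be automated. The following is an added example, not code from the skill or from ClawHub's scanner: it parses git config text, reports every remote whose `url` or `pushurl` carries userinfo, and returns the URL with the credentials stripped. The function names, the sample config and the `EXAMPLE_TOKEN` placeholder are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Matches any section header; "name" is set only for [remote "<name>"] sections.
SECTION = re.compile(r'^\s*\[\s*(?:remote\s+"(?P<name>[^"]+)")?[^\]]*\]\s*$')
URL_KEY = re.compile(r'^\s*(?P<key>url|pushurl)\s*=\s*(?P<url>\S+)\s*$', re.I)


def strip_userinfo(url):
    """Return (clean_url, had_userinfo). SCP-style git@host:path has no scheme and is left alone."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
        return url, False
    host = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment)), True


def audit_git_config(text):
    """List remotes whose url/pushurl embeds credentials; the secret itself is never returned."""
    findings, remote = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SECTION.match(line)
        if m:
            remote = m.group("name")  # None for non-remote sections
            continue
        m = URL_KEY.match(line)
        if remote and m:
            clean, had_userinfo = strip_userinfo(m.group("url"))
            if had_userinfo:
                findings.append({"line": lineno, "remote": remote,
                                 "key": m.group("key").lower(), "clean_url": clean})
    return findings


# Constructed sample .git/config; the token is a placeholder, not a real credential.
SAMPLE = '''[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://username:EXAMPLE_TOKEN@github.com/example-user/example-repo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "backup"]
    url = git@gitee.com:example-user/example-repo.git
'''

if __name__ == "__main__":
    for f in audit_git_config(SAMPLE):
        print(f'line {f["line"]}: remote "{f["remote"]}" {f["key"]} embeds credentials; '
              f'rewrite it to {f["clean_url"]} and rotate the token')
```

Run it against the contents of a repository's `.git/config` after any publish script has executed; a token that appears there should be treated as exposed and rotated, not just removed.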

Like a lobster shell, security has layers — review code before you run it.

latest: vk97ag0eb5xnrt7xbvja8dn3m6x85etft · 56 downloads · 1 star · 1 version · Updated 4d ago · v0.1.0 · MIT-0

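Sen Development Productivity Skill

Overview

This is a personal repository of accumulated development experience, covering UI conventions, code modules, algorithm calculation definitions, and pitfall records. It aims to improve the efficiency and consistency of future development.

Use cases

  • Reuse styles and modules when developing new data-processing tools
  • Call calculation definitions that have already been validated
  • Maintain consistency across projects
  • Record and reuse lessons from pitfalls

Directory structure

sen-dev-patterns/
├── SKILL.md                    # This file - overview and index
├── README.md                   # Usage instructions
├── references/                 # Detailed reference documents
│   ├── ui-style-guide.md       # UI style guide (desktop applications)
│   ├── web-guide.md            # Web development conventions (CSS/HTML)
│   ├── coding-standards.md      # Coding standards
│   ├── algorithm-library.md     # Library of calculation definitions (satisfaction weighting formula, etc.)
│   ├── pitfalls-record.md       # Pitfall records
│   ├── code-modules.md          # Code module library (logging, files, GUI, etc.)
│   ├── icon-library.md          # Icon library (Emoji, SVG, button styles)
│   ├── performance-guide.md     # Performance optimization guide
│   ├── git-workflow.md         # Git workflow and backup conventions ⭐ new
│   └── evaluation-report.md     # Quality evaluation report
├── scripts/                    # Executable scripts
│   └── init_module.py          # Script that initializes a standard module
└── assets/                     # Resource files
    ├── templates/               # Code templates
    └── icon-configs/           # Icon configurations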

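Core principles

1. Minimal-change principle

  • Change only what needs changing: when requirements change, modify only the fewest lines of code related to the current problem
  • No refactoring: do not proactively refactor code that has been verified correct
  • No optimizing unrelated code: do not take the opportunity to optimize other code

2. Never touch parts that are already correct

  • If a piece of logic is explicitly stated to be correct, it must be strictly protected
  • Do not change variable names, structure, order, comments, or formatting

3. Changes must be transparent

  • After each change, state which lines were modified, why, and the effect on the existing logic

4. Locate the problem first, then modify

  • First help the user locate where the error is
  • Do not directly rewrite large portions of code

UI design conventions

Color scheme

| Purpose | Color code | Description |
|---|---|---|
| Primary | #667eea, #764ba2 | Gradient, used for titles and important buttons |
| Success | #48bb78 / #68d391 | Green, indicates success or completion |
| Warning | #f6ad55 / #ff9500 | Orange, indicates progress or a warning |
| Error | #fc8181 / #e74c3c | Red, indicates an error or failure |
| Info | #63b3ed / #3498db | Blue, indicates information or links |
| Secondary | #9f7aea | Purple, used for secondary buttons |
| Background | #f0f5f9 / #f0f4ff | Light background |
| Log background | #1a202c | Dark log area |
| Log text | #e2e8f0 | Default log text color |

Crystal-texture button style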

crystal_style = """
    QPushButton {
        color: #ffffff;
        font-weight: 700;
        font-size: 14px;
        border-radius: 16px;
        padding: 12px 20px;
        background: qlineargradient(x1:0, y1:0, x2:1, y2:1,
            stop:0 %COLOR_START%,
            stop:0.5 %COLOR_MID%,
            stop:1 %COLOR_END%);
        border-top: 1px solid #ffffff;
        border-left: 1px solid #ffffff;
        border-right: 1px solid #000000;
        border-bottom: 2px solid #000000;
    }
    QPushButton:hover {
        background: qlineargradient(x1:0, y1:0, x2:1, y2:1,
            stop:0 %HOVER_START%,
            stop:0.5 %HOVER_MID%,
            stop:1 %HOVER_END%);
    }
    QPushButton:pressed {
        background: qlineargradient(x1:0, y1:0, x2:1, y2:1,
            stop:0 %PRESSED_START%,
            stop:0.5 %PRESSED_MID%,
            stop:1 %PRESSED_END%);
    }
    QPushButton:disabled {
        color: #cccccc;
        background: qlineargradient(x1:0, y1:0, x2:1, y2:1,
            stop:0 #a0aec0, stop:1 #718096);
    }
"""

Tkinter button style (Tk style)

import sys
from tkinter import ttk

# ttk.Style() attaches to the application's Tk root window
style = ttk.Style()
style.configure(
    "CrystalButton.TButton",
    font=("Microsoft YaHei", 10, "bold") if sys.platform != "darwin" else ("Helvetica Neue", 10, "bold"),
    foreground="white",
    background="#3498db",
    padding=(15, 8),
    relief="flat",
    borderwidth=0
)
# State-dependent colors for hover ("active") and click ("pressed")
style.map(
    "CrystalButton.TButton",
    background=[("active", "#2980b9"), ("pressed", "#1a5276")],
    foreground=[("active", "white"), ("pressed", "white")]
)

Cross-platform fonts

import sys

if sys.platform == "darwin":
    # Mac
    font_main = ("Helvetica Neue", 10)
    font_title = ("Helvetica Neue", 22, "bold")
    font_btn = ("Helvetica Neue", 10, "bold")
else:
    # Windows
    font_main = ("Microsoft YaHei", 10)
    font_title = ("Microsoft YaHei", 22, "bold")
    font_btn = ("Microsoft YaHei", 10, "bold")

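Project structure conventions

Standard structure for Python desktop applications

project/
├── main.py              # Main program entry point
├── logger.py            # Logging module (TextHandler writes to the GUI)
├── file_util.py         # File operation utilities
├── date_splitter.py     # Date-splitting module
├── monthly_agg.py       # Monthly aggregation module
├── template_mapper.py   # Template mapping module
├── settings.json        # User configuration file
├── spec_file.spec       # PyInstaller packaging configuration
├── 数据模板.xlsx         # Excel template
└── dist/                # Packaging output directory

Module responsibilities

| Module | Responsibility |
|---|---|
| main.py | UI, business workflow, settings management |
| logger.py | Log output to the GUI (TextHandler) |
| file_util.py | File selection, validation, reading |
| date_splitter.py | Splitting data by date |
| monthly_agg.py | Monthly data aggregation |
| template_mapper.py | Template mapping and filling |

Code templates

See references/ui-style-guide.md

Algorithm calculation definitions

See references/algorithm-library.md

Pitfall records

See references/pitfalls-record.md

Usage

Reusing UI styles

See the complete style code in references/ui-style-guide.md

Reusing calculation definitions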

from references.algorithm_library import target_l_calculation, count_with_conditions

Invoking code templates

python scripts/init_module.py --type worker --name MyWorker

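Changelog

Maintenance rule: after every change to the skill, record what was updated here so the history of changes can be traced.

| Date | Version | Changes |
|---|---|---|
| 2026-04-24 | v1.3 | 🔄 Optimization rounds 2-3: added Web development conventions and Git workflow and backup conventions |
| 2026-04-24 | v1.2 | 🔄 Optimization round 1: added year-over-year / period-over-period / conversion-rate algorithms, performance optimization guide, and the changelog mechanism |
| 2026-04-24 | v1.1 | 📝 Added the code module library and icon library |
| 2026-04-24 | v1.0 | ✨ Initial version, distilled from the business cost-reduction initiative and cloud security (云安防) projects |

Changelog maintenance guide

Each time you modify the skill, append a record in the following format:

| YYYY-MM-DD | vX.X | 📝 Description of the update |

Version numbering rules

  • v1.x: minor iteration, adds new content
  • vx.x+1: major version update, significant structural changes

Update type markers

  • ✨ New feature
  • 📝 Content improvement
  • 🔄 Optimization or refactoring
  • 🐛 Bug fix
  • ⭐ High-priority update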
