ClawHub

Rust + SeaORM Database Explicit Contracts

v1.0.0

Rust + SeaORM 数据库显式契约规范。当项目涉及 Rust + SeaORM 数据库开发时自动激活。 核心:Entity 文件完全表达数据表,消灭隐式契约。

0· 116·0 current·0 all-time
by@xiamu-ssr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Rust + SeaORM explicit DB contracts) match the delivered artifacts: guidance (SKILL.md), an entity example, and a local shell script that scans Rust source for the described patterns. There are no unrelated binaries, env vars, or external services requested.
Instruction Scope
The SKILL.md stays on-topic (read entity files first, enforce patterns, preferred SeaORM usage). The included check_db_contracts.sh only scans the repository (defaults to ./src). One notable point: SKILL.md includes an example showing db.get_schema_registry(...).sync(db).await? — this code, if actually executed in a runtime with a real DB_URL, would perform automatic schema changes (CREATE/ALTER/RENAME). The skill does not itself run this, but the presence of that example is an operational risk if an agent or developer executes it against production.
Install Mechanism
No install spec; this is instruction-only with a single helper script. Nothing is downloaded or written to disk by an installer. The provided shell script is a local, static file and uses only standard POSIX tools (grep/sed/xargs).
Credentials
The skill declares no required env vars or credentials. The only implicit runtime concern is that Rust code snippets or an operator running the schema-sync example would need a DB URL/credentials from the environment — that is a normal development concern but not requested by the skill itself.
Persistence & Privilege
Flags show always: false and user-invocable true. The skill does not request persistent presence or elevated agent-wide privileges.
Assessment
This skill appears to do what it says: it gives guidance and a local CI-check script to enforce SeaORM entity conventions and doesn't request secrets or install external code. Before you install or let an agent run it: (1) inspect references/check_db_contracts.sh yourself to confirm the grep patterns and paths match your repo layout; (2) do NOT execute the schema-sync example (db.get_schema_registry(...).sync(...)) against production — that example would mutate the database schema if run with real DB credentials; (3) run the check script in an isolated CI or local environment so it only scans your repository (it reads files under the provided src_dir); (4) if you allow autonomous agents to invoke skills, ensure they are not given access to production DB credentials or environments where schema-sync could be executed. If you want extra assurance, run the script locally on a test checkout first and review any CI integration changes before committing.

Like a lobster shell, security has layers — review code before you run it.

latestvk979sn5hmxmtbdgngax2eek9wd839xm6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments