Create polish-claw-project skill for OpenClaw ecosystem contributions

[pjt222]

Summary

Create a new polish-claw-project skill that codifies the workflow for contributing to OpenClaw ecosystem projects (OpenClaw, NemoClaw, NanoClaw).

Motivation

We successfully contributed 3 PRs to NVIDIA/NemoClaw (#317, #319, #320) following a repeatable 9-step workflow. The Claw ecosystem is growing fast (NemoClaw: 6K stars in 3 days). Codifying this workflow as a skill enables repeatable, high-quality contributions to any Claw project.

Design

Domain: open-source (new domain)
Complexity: advanced
Language: multi

9-step procedure

1. Identify and Verify Target — Check CONTRIBUTING.md, license, maintainer activity
2. Fork and Clone — gh repo fork, set upstream remote
3. Explore Codebase — Spawn Explore agent to map architecture
4. Read Open Issues — Categorize unclaimed issues by type
5. Parallel Audit — Spawn security-analyst and code-reviewer in parallel. Verify findings against project's threat model before rating severity.
6. Cross-Reference Findings — Map verified audit findings to open issues (core judgment step)
7. Select Contributions — Pick 1-3 based on impact/effort/expertise matrix
8. Implement — Branch per contribution, follow project conventions, add tests
9. Create Pull Requests — Follow create-pull-request skill + project's CONTRIBUTING.md

Key design decisions (from argumentation)

• Novel value is in Steps 5-7 (judgment workflow), not mechanical fork/PR steps
• Claw-specific knowledge in Common Pitfalls, not procedure steps — keeps the skill transferable
• False positive prevention: Step 5 explicitly requires verifying audit findings against the project's threat model (learned from our Telegram bridge overclaim)

Files to create/modify

• skills/polish-claw-project/SKILL.md
• skills/_registry.yml (add open-source domain, increment total)
• .claude/skills/polish-claw-project (symlink)

Related skills

• security-audit-codebase (used in Step 5)
• review-codebase (used in Step 5)
• create-pull-request (used in Step 9)
• create-github-issues (for filing issues not addressed as PRs)

See plan file: gleaming-petting-pearl.md

[pjt222]

Insights from NemoClaw PR Review Cycle

Our three PRs (#317, #319, #320 on NVIDIA/NemoClaw) received automated review from CodeRabbit and manual triage (labeling) from maintainers. The review surfaced 6 actionable findings (1 major, 5 nitpicks) that we've now addressed with follow-up commits. Key patterns to encode in this skill:

Patterns for the skill's threat model verification (Step 6)

1. Regex anchoring for CLI argument injection — PR #320's sandbox name regex /^[a-zA-Z0-9_-]+$/ allowed names starting with -, which execFileSync would interpret as option flags. Fix: require alphanumeric first character /^[A-Za-z0-9][A-Za-z0-9_-]*$/. The skill should check regexes used in CLI argument validation for this class of bug.

2. TOCTOU prevention via exclusive file flags — writeFileSync(path, data, { mode: 0o600 }) is vulnerable to symlink attacks between path creation and write. Adding flag: "wx" makes creation atomic. The skill should flag temp file writes without exclusive flags.

3. Lazy computation on error paths — PR #319's computeDirectoryDigest() ran expensive filesystem I/O even when the manifest had no digest (guaranteed failure). Deferring computation inside the validity guard skips unnecessary work. The skill should check for wasted computation on known-failure paths.

4. Regression tests for allowlists — PR #317 added binary restrictions but had no tests proving curl/wget/bash were denied. Added 4 regression tests using the existing node:test framework. The skill should require regression tests for any security-relevant allowlist change.

Contribution pattern validation

• All 3 PRs were triaged with labels (security, Telegram, Migration) within hours — confirms maintainers are reviewing external contributions
• CodeRabbit reviews were substantive, not just style nits — the option injection finding (#320) was a real security improvement we missed
• Follow-up commits pushed successfully, PRs updated automatically

[pjt222]

Insights from NemoClaw Issues #325 and #391

Two new PRs submitted (#393, #394) addressing community-reported issues. New patterns for the skill:

Pattern 5: Shebang resolution gap (from #391)

The sandbox proxy allowlists by kernel-level binary path, not script path. When openclaw (a Node.js script with #!/usr/bin/env node) runs, the OS sees /usr/local/bin/node. Every policy listing /usr/local/bin/openclaw without /usr/local/bin/node silently fails with HTTP 403.

Skill encoding: Step 6 (threat model verification) should include "For any binary in a policy allowlist, check if it's a script with a shebang. If so, the interpreter binary must also be listed."

Pattern 6: Self-introduced gaps

Our own PR #317 (binaries restriction) created the #391 problem — we added allowlists without the node runtime. The skill must check: "Does your fix introduce the same class of bug it's preventing?" This is a form of regression that's easy to miss because the PR author is focused on the original fix.

Pattern 7: Credential passing hierarchy (from #325)

Never pass secrets as CLI arguments. The hierarchy:

1. Environment variable (best — not in /proc, not in logs)
2. Temp file + process substitution $(cat /tmp/cred) (good — key in bash memory only)
3. stdin pipe (good — if the target supports it)
4. CLI argument (never — visible via ps, /proc, logs)

The codebase had the safe pattern already (deploy function uses temp file + SCP) but the onboard code used the unsafe pattern. Skill encoding: Step 5 (audit) should grep for --credential, --password, --secret, --token in shell command strings.

Pattern 8: Coordinate with open PRs

Before submitting a fix, search for existing PRs addressing the same issue. PR #191 was already open for the env var approach. Our PR #394 is complementary (fixes JS/bash paths not covered by #191). Skill encoding: Add a pre-submission check: gh pr list --repo UPSTREAM --search "keyword" --state open.

Updated PR inventory

PR	Issue	Status
#317	#272 + #391 (presets)	Open, 4 commits
#319	digest bypass	Open, 2 commits
#320	telegram hardening	Open, 2 commits
#393	#391 (base sandbox)	Open, 1 commit
#394	#325 (credential hiding)	Open, 1 commit

[pjt222]

Implemented in c637c61. Skill: skills/polish-claw-project/SKILL.md (9-step workflow, open-source domain).