Contributing to SClawHub

Thank you for your interest in contributing! 🦞🛡️

How to Contribute

πŸ› Report Bugs

Found a bug or false positive? Open an issue with:

  • Description of the problem
  • Steps to reproduce
  • Expected vs actual behavior
  • Skill code that triggered the issue (if applicable)

💡 Suggest Features

Have an idea? Open an issue with:

  • Clear description of the feature
  • Use case / why it's valuable
  • Example of how it would work

πŸ” Improve Security Rules

Add new Semgrep patterns:

  1. Edit scanner/rules/semgrep-rules.yaml
  2. Add your pattern with clear documentation
  3. Test it on demo skills
  4. Submit a PR

Example:

- id: my-new-check
  pattern: risky_function($ARG)
  message: "Clear explanation of the risk"
  severity: WARNING
  languages: [javascript]
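
A fuller rule in the same format, added here as an illustration and not one of SClawHub's own rules: it flags shell command execution with a non-literal command while ignoring unrelated `.exec()` methods, a common source of false positives. The rule id, message and metadata values are constructed for this example.

```yaml
# Constructed example: the rule id, message text and metadata values are
# illustrative and not taken from the SClawHub rule set.
rules:   # when editing an existing rules file, add only the list item below
  - id: example-exec-non-literal-command
    languages: [javascript]
    severity: ERROR
    message: >-
      child_process.exec()/execSync() passes its first argument to a shell.
      A command that is not a string literal may carry untrusted input
      (command injection). Prefer execFile() with an argument array.
    metadata:
      category: security
      cwe: "CWE-78"
    patterns:
      # Only consider receivers bound to the child_process module, so that
      # unrelated .exec() methods such as RegExp.prototype.exec are ignored.
      - pattern-inside: |
          $CP = require('child_process')
          ...
      - pattern-either:
          - pattern: $CP.exec($CMD, ...)
          - pattern: $CP.execSync($CMD, ...)
      # A fixed string-literal command is not flagged.
      - pattern-not: $CP.exec("...", ...)
      - pattern-not: $CP.execSync("...", ...)
# Cases to cover in a demo skill when testing this rule (constructed):
#   const cp = require('child_process');
#   cp.exec('ls -la', cb);           // should stay clean: literal command
#   cp.exec('ls ' + userPath, cb);   // should be flagged: command built from input
#   /a+/.exec(text);                 // should stay clean: not child_process
```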

🧪 Submit Test Cases

Help improve accuracy:

  1. Add a test skill to demo-skills/
  2. Run the scanner on it
  3. Verify the results are accurate
  4. Submit a PR with the test case

💻 Code Contributions

  1. Fork the repository
  2. Create a feature branch:
    git checkout -b feature/my-feature
  3. Make your changes
  4. Test thoroughly
  5. Commit with clear messages:
    git commit -m "Add: description of feature"
  6. Push and open a Pull Request

πŸ“ Documentation

Improvements to docs are always welcome:

  • Fix typos
  • Add examples
  • Clarify instructions
  • Translate to other languages

Development Setup

# Clone your fork
git clone https://github.com/yourusername/sclawhub.git
cd sclawhub

# Install dependencies
cd scanner
npm install

# Set up environment
cp .env.example .env
# Add your ANTHROPIC_API_KEY

# Test the scanner
node scan.js ../demo-skills/safe-skill.js "Test"

Code Style

  • Use clear, descriptive variable names
  • Comment complex logic
  • Follow existing code patterns
  • Keep functions focused and small

Testing

Before submitting a PR:

  1. Test your changes on multiple skills
  2. Verify no false positives introduced
  3. Check that existing tests still pass
  4. Add new tests if applicable

Pull Request Process

  1. Update README.md if needed
  2. Update CHANGELOG.md with your changes
  3. Ensure all tests pass
  4. Request review from maintainers
  5. Address any feedback
  6. Merge once approved!

Security Issues

Do not open public issues for security vulnerabilities.

Email security concerns to: kondormit@gmail.com

Questions?

Code of Conduct

Be respectful, inclusive, and professional. We're all here to build something useful together.


Thank you for contributing to OpenClaw security! 🦞🛡️