# Send Flask to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "flask",
    "name": "Flask",
    "source": "tencent",
    "type": "skill",
    "category": "金融交易",
    "sourceUrl": "https://clawhub.ai/ivangdavila/flask",
    "canonicalUrl": "https://clawhub.ai/ivangdavila/flask",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/flask",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=flask",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "flask",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T03:07:17.833Z",
      "expiresAt": "2026-05-06T03:07:17.833Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=flask",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=flask",
        "contentDisposition": "attachment; filename=\"flask-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "flask"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/flask"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/flask",
    "downloadUrl": "https://openagent3.xyz/downloads/flask",
    "agentUrl": "https://openagent3.xyz/skills/flask/agent",
    "manifestUrl": "https://openagent3.xyz/skills/flask/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/flask/agent.md"
  }
}
```
## Documentation

### Application Context

current_app only works inside request or with app.app_context() — "working outside application context" error
g is per-request storage — lost after request ends, use for db connections
Background tasks need context — with app.app_context(): or pass data, not proxies
create_app() factory pattern avoids circular imports — import current_app not app

### Request Context

request, session only inside request — "working outside request context" error
url_for needs context — url_for('static', filename='x', _external=True) for absolute URLs
Test client provides context automatically — but manual context for non-request code

### Circular Imports

from app import app in models causes circular — use factory pattern
Import inside function for late binding — or use current_app
Blueprints help organize — register at factory time, not import time
Extensions init with init_app(app) pattern — create without app, bind later

### Sessions and Security

SECRET_KEY required for sessions — random bytes, not weak string
No SECRET_KEY = unsigned cookies — anyone can forge session data
SESSION_COOKIE_SECURE=True in production — only send over HTTPS
SESSION_COOKIE_HTTPONLY=True — JavaScript can't access

### Debug Mode

debug=True in production = remote code execution — attacker can run Python
Use FLASK_DEBUG env var — not hardcoded
Debug PIN in logs if debug enabled — extra layer, but still dangerous

### Blueprints

url_prefix set at registration — app.register_blueprint(bp, url_prefix='/api')
Blueprint routes relative to prefix — @bp.route('/users') becomes /api/users
blueprint.before_request only for that blueprint — app.before_request for all

### SQLAlchemy Integration

db.session.commit() explicitly — autocommit not default
Session scoped to request by Flask-SQLAlchemy — but background tasks need own session
Detached object error — object from different session, refetch or merge
db.session.rollback() on error — or session stays in bad state

### Production

flask run is dev server — use Gunicorn/uWSGI in production
threaded=True for dev server concurrency — but still not production-ready
Static files through nginx — Flask serving static is slow
PROPAGATE_EXCEPTIONS=True for proper error handling with Sentry etc.

### Common Mistakes

return redirect('/login') vs return redirect(url_for('login')) — url_for is refactor-safe
JSON response: return jsonify(data) — not return json.dumps(data)
Form data in request.form — JSON body in request.json or request.get_json()
request.args for query params — request.args.get('page', default=1, type=int)
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: ivangdavila
- Version: 1.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T03:07:17.833Z
- Expires at: 2026-05-06T03:07:17.833Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/flask)
- [Send to Agent page](https://openagent3.xyz/skills/flask/agent)
- [JSON manifest](https://openagent3.xyz/skills/flask/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/flask/agent.md)
- [Download page](https://openagent3.xyz/downloads/flask)