{ "schemaVersion": "1.0", "item": { "slug": "senior-backend", "name": "Senior Backend", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/alirezarezvani/senior-backend", "canonicalUrl": "https://clawhub.ai/alirezarezvani/senior-backend", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/senior-backend", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=senior-backend", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/api_design_patterns.md", "references/backend_security_practices.md", "references/database_optimization_guide.md", "scripts/api_load_tester.py", "scripts/api_scaffolder.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/senior-backend" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/senior-backend", "agentPageUrl": "https://openagent3.xyz/skills/senior-backend/agent", "manifestUrl": "https://openagent3.xyz/skills/senior-backend/agent.json", "briefUrl": "https://openagent3.xyz/skills/senior-backend/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Senior Backend Engineer", "body": "Backend development patterns, API design, database optimization, and security practices." }, { "title": "Quick Start", "body": "# Generate API routes from OpenAPI spec\npython scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/\n\n# Analyze database schema and generate migrations\npython scripts/database_migration_tool.py --connection postgres://localhost/mydb --analyze\n\n# Load test an API endpoint\npython scripts/api_load_tester.py https://api.example.com/users --concurrency 50 --duration 30" }, { "title": "1. API Scaffolder", "body": "Generates API route handlers, middleware, and OpenAPI specifications from schema definitions.\n\nInput: OpenAPI spec (YAML/JSON) or database schema\nOutput: Route handlers, validation middleware, TypeScript types\n\nUsage:\n\n# Generate Express routes from OpenAPI spec\npython scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/\n# Output: Generated 12 route handlers, validation middleware, and TypeScript types\n\n# Generate from database schema\npython scripts/api_scaffolder.py --from-db postgres://localhost/mydb --output src/routes/\n\n# Generate OpenAPI spec from existing routes\npython scripts/api_scaffolder.py src/routes/ --generate-spec --output openapi.yaml\n\nSupported Frameworks:\n\nExpress.js (--framework express)\nFastify (--framework fastify)\nKoa (--framework koa)" }, { "title": "2. Database Migration Tool", "body": "Analyzes database schemas, detects changes, and generates migration files with rollback support.\n\nInput: Database connection string or schema files\nOutput: Migration files, schema diff report, optimization suggestions\n\nUsage:\n\n# Analyze current schema and suggest optimizations\npython scripts/database_migration_tool.py --connection postgres://localhost/mydb --analyze\n# Output: Missing indexes, N+1 query risks, and suggested migration files\n\n# Generate migration from schema diff\npython scripts/database_migration_tool.py --connection postgres://localhost/mydb \\\n --compare schema/v2.sql --output migrations/\n\n# Dry-run a migration\npython scripts/database_migration_tool.py --connection postgres://localhost/mydb \\\n --migrate migrations/20240115_add_user_indexes.sql --dry-run" }, { "title": "3. API Load Tester", "body": "Performs HTTP load testing with configurable concurrency, measuring latency percentiles and throughput.\n\nInput: API endpoint URL and test configuration\nOutput: Performance report with latency distribution, error rates, throughput metrics\n\nUsage:\n\n# Basic load test\npython scripts/api_load_tester.py https://api.example.com/users --concurrency 50 --duration 30\n# Output: Throughput (req/sec), latency percentiles (P50/P95/P99), error counts, and scaling recommendations\n\n# Test with custom headers and body\npython scripts/api_load_tester.py https://api.example.com/orders \\\n --method POST \\\n --header \"Authorization: Bearer token123\" \\\n --body '{\"product_id\": 1, \"quantity\": 2}' \\\n --concurrency 100 \\\n --duration 60\n\n# Compare two endpoints\npython scripts/api_load_tester.py https://api.example.com/v1/users https://api.example.com/v2/users \\\n --compare --concurrency 50 --duration 30" }, { "title": "API Design Workflow", "body": "Use when designing a new API or refactoring existing endpoints.\n\nStep 1: Define resources and operations\n\n# openapi.yaml\nopenapi: 3.0.3\ninfo:\n title: User Service API\n version: 1.0.0\npaths:\n /users:\n get:\n summary: List users\n parameters:\n - name: \"limit\"\n in: query\n schema:\n type: integer\n default: 20\n post:\n summary: Create user\n requestBody:\n required: true\n content:\n application/json:\n schema:\n $ref: '#/components/schemas/CreateUser'\n\nStep 2: Generate route scaffolding\n\npython scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/\n\nStep 3: Implement business logic\n\n// src/routes/users.ts (generated, then customized)\nexport const createUser = async (req: Request, res: Response) => {\n const { email, name } = req.body;\n\n // Add business logic\n const user = await userService.create({ email, name });\n\n res.status(201).json(user);\n};\n\nStep 4: Add validation middleware\n\n# Validation is auto-generated from OpenAPI schema\n# src/middleware/validators.ts includes:\n# - Request body validation\n# - Query parameter validation\n# - Path parameter validation\n\nStep 5: Generate updated OpenAPI spec\n\npython scripts/api_scaffolder.py src/routes/ --generate-spec --output openapi.yaml" }, { "title": "Database Optimization Workflow", "body": "Use when queries are slow or database performance needs improvement.\n\nStep 1: Analyze current performance\n\npython scripts/database_migration_tool.py --connection $DATABASE_URL --analyze\n\nStep 2: Identify slow queries\n\n-- Check query execution plans\nEXPLAIN ANALYZE SELECT * FROM orders\nWHERE user_id = 123\nORDER BY created_at DESC\nLIMIT 10;\n\n-- Look for: Seq Scan (bad), Index Scan (good)\n\nStep 3: Generate index migrations\n\npython scripts/database_migration_tool.py --connection $DATABASE_URL \\\n --suggest-indexes --output migrations/\n\nStep 4: Test migration (dry-run)\n\npython scripts/database_migration_tool.py --connection $DATABASE_URL \\\n --migrate migrations/add_indexes.sql --dry-run\n\nStep 5: Apply and verify\n\n# Apply migration\npython scripts/database_migration_tool.py --connection $DATABASE_URL \\\n --migrate migrations/add_indexes.sql\n\n# Verify improvement\npython scripts/database_migration_tool.py --connection $DATABASE_URL --analyze" }, { "title": "Security Hardening Workflow", "body": "Use when preparing an API for production or after a security review.\n\nStep 1: Review authentication setup\n\n// Verify JWT configuration\nconst jwtConfig = {\n secret: process.env.JWT_SECRET, // Must be from env, never hardcoded\n expiresIn: '1h', // Short-lived tokens\n algorithm: 'RS256' // Prefer asymmetric\n};\n\nStep 2: Add rate limiting\n\nimport rateLimit from 'express-rate-limit';\n\nconst apiLimiter = rateLimit({\n windowMs: 15 * 60 * 1000, // 15 minutes\n max: 100, // 100 requests per window\n standardHeaders: true,\n legacyHeaders: false,\n});\n\napp.use('/api/', apiLimiter);\n\nStep 3: Validate all inputs\n\nimport { z } from 'zod';\n\nconst CreateUserSchema = z.object({\n email: z.string().email().max(255),\n name: \"zstringmin1max100\"\n age: z.number().int().positive().optional()\n});\n\n// Use in route handler\nconst data = CreateUserSchema.parse(req.body);\n\nStep 4: Load test with attack patterns\n\n# Test rate limiting\npython scripts/api_load_tester.py https://api.example.com/login \\\n --concurrency 200 --duration 10 --expect-rate-limit\n\n# Test input validation\npython scripts/api_load_tester.py https://api.example.com/users \\\n --method POST \\\n --body '{\"email\": \"not-an-email\"}' \\\n --expect-status 400\n\nStep 5: Review security headers\n\nimport helmet from 'helmet';\n\napp.use(helmet({\n contentSecurityPolicy: true,\n crossOriginEmbedderPolicy: true,\n crossOriginOpenerPolicy: true,\n crossOriginResourcePolicy: true,\n hsts: { maxAge: 31536000, includeSubDomains: true },\n}));" }, { "title": "Reference Documentation", "body": "FileContainsUse Whenreferences/api_design_patterns.mdREST vs GraphQL, versioning, error handling, paginationDesigning new APIsreferences/database_optimization_guide.mdIndexing strategies, query optimization, N+1 solutionsFixing slow queriesreferences/backend_security_practices.mdOWASP Top 10, auth patterns, input validationSecurity hardening" }, { "title": "REST API Response Format", "body": "{\n \"data\": { \"id\": 1, \"name\": \"John\" },\n \"meta\": { \"requestId\": \"abc-123\" }\n}" }, { "title": "Error Response Format", "body": "{\n \"error\": {\n \"code\": \"VALIDATION_ERROR\",\n \"message\": \"Invalid email format\",\n \"details\": [{ \"field\": \"email\", \"message\": \"must be valid email\" }]\n },\n \"meta\": { \"requestId\": \"abc-123\" }\n}" }, { "title": "HTTP Status Codes", "body": "CodeUse Case200Success (GET, PUT, PATCH)201Created (POST)204No Content (DELETE)400Validation error401Authentication required403Permission denied404Resource not found429Rate limit exceeded500Internal server error" }, { "title": "Database Index Strategy", "body": "-- Single column (equality lookups)\nCREATE INDEX idx_users_email ON users(email);\n\n-- Composite (multi-column queries)\nCREATE INDEX idx_orders_user_status ON orders(user_id, status);\n\n-- Partial (filtered queries)\nCREATE INDEX idx_orders_active ON orders(created_at) WHERE status = 'active';\n\n-- Covering (avoid table lookup)\nCREATE INDEX idx_users_email_name ON users(email) INCLUDE (name);" }, { "title": "Common Commands", "body": "# API Development\npython scripts/api_scaffolder.py openapi.yaml --framework express\npython scripts/api_scaffolder.py src/routes/ --generate-spec\n\n# Database Operations\npython scripts/database_migration_tool.py --connection $DATABASE_URL --analyze\npython scripts/database_migration_tool.py --connection $DATABASE_URL --migrate file.sql\n\n# Performance Testing\npython scripts/api_load_tester.py https://api.example.com/endpoint --concurrency 50\npython scripts/api_load_tester.py https://api.example.com/endpoint --compare baseline.json" } ], "body": "Senior Backend Engineer\n\nBackend development patterns, API design, database optimization, and security practices.\n\nQuick Start\n# Generate API routes from OpenAPI spec\npython scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/\n\n# Analyze database schema and generate migrations\npython scripts/database_migration_tool.py --connection postgres://localhost/mydb --analyze\n\n# Load test an API endpoint\npython scripts/api_load_tester.py https://api.example.com/users --concurrency 50 --duration 30\n\nTools Overview\n1. API Scaffolder\n\nGenerates API route handlers, middleware, and OpenAPI specifications from schema definitions.\n\nInput: OpenAPI spec (YAML/JSON) or database schema Output: Route handlers, validation middleware, TypeScript types\n\nUsage:\n\n# Generate Express routes from OpenAPI spec\npython scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/\n# Output: Generated 12 route handlers, validation middleware, and TypeScript types\n\n# Generate from database schema\npython scripts/api_scaffolder.py --from-db postgres://localhost/mydb --output src/routes/\n\n# Generate OpenAPI spec from existing routes\npython scripts/api_scaffolder.py src/routes/ --generate-spec --output openapi.yaml\n\n\nSupported Frameworks:\n\nExpress.js (--framework express)\nFastify (--framework fastify)\nKoa (--framework koa)\n2. Database Migration Tool\n\nAnalyzes database schemas, detects changes, and generates migration files with rollback support.\n\nInput: Database connection string or schema files Output: Migration files, schema diff report, optimization suggestions\n\nUsage:\n\n# Analyze current schema and suggest optimizations\npython scripts/database_migration_tool.py --connection postgres://localhost/mydb --analyze\n# Output: Missing indexes, N+1 query risks, and suggested migration files\n\n# Generate migration from schema diff\npython scripts/database_migration_tool.py --connection postgres://localhost/mydb \\\n --compare schema/v2.sql --output migrations/\n\n# Dry-run a migration\npython scripts/database_migration_tool.py --connection postgres://localhost/mydb \\\n --migrate migrations/20240115_add_user_indexes.sql --dry-run\n\n3. API Load Tester\n\nPerforms HTTP load testing with configurable concurrency, measuring latency percentiles and throughput.\n\nInput: API endpoint URL and test configuration Output: Performance report with latency distribution, error rates, throughput metrics\n\nUsage:\n\n# Basic load test\npython scripts/api_load_tester.py https://api.example.com/users --concurrency 50 --duration 30\n# Output: Throughput (req/sec), latency percentiles (P50/P95/P99), error counts, and scaling recommendations\n\n# Test with custom headers and body\npython scripts/api_load_tester.py https://api.example.com/orders \\\n --method POST \\\n --header \"Authorization: Bearer token123\" \\\n --body '{\"product_id\": 1, \"quantity\": 2}' \\\n --concurrency 100 \\\n --duration 60\n\n# Compare two endpoints\npython scripts/api_load_tester.py https://api.example.com/v1/users https://api.example.com/v2/users \\\n --compare --concurrency 50 --duration 30\n\nBackend Development Workflows\nAPI Design Workflow\n\nUse when designing a new API or refactoring existing endpoints.\n\nStep 1: Define resources and operations\n\n# openapi.yaml\nopenapi: 3.0.3\ninfo:\n title: User Service API\n version: 1.0.0\npaths:\n /users:\n get:\n summary: List users\n parameters:\n - name: \"limit\"\n in: query\n schema:\n type: integer\n default: 20\n post:\n summary: Create user\n requestBody:\n required: true\n content:\n application/json:\n schema:\n $ref: '#/components/schemas/CreateUser'\n\n\nStep 2: Generate route scaffolding\n\npython scripts/api_scaffolder.py openapi.yaml --framework express --output src/routes/\n\n\nStep 3: Implement business logic\n\n// src/routes/users.ts (generated, then customized)\nexport const createUser = async (req: Request, res: Response) => {\n const { email, name } = req.body;\n\n // Add business logic\n const user = await userService.create({ email, name });\n\n res.status(201).json(user);\n};\n\n\nStep 4: Add validation middleware\n\n# Validation is auto-generated from OpenAPI schema\n# src/middleware/validators.ts includes:\n# - Request body validation\n# - Query parameter validation\n# - Path parameter validation\n\n\nStep 5: Generate updated OpenAPI spec\n\npython scripts/api_scaffolder.py src/routes/ --generate-spec --output openapi.yaml\n\nDatabase Optimization Workflow\n\nUse when queries are slow or database performance needs improvement.\n\nStep 1: Analyze current performance\n\npython scripts/database_migration_tool.py --connection $DATABASE_URL --analyze\n\n\nStep 2: Identify slow queries\n\n-- Check query execution plans\nEXPLAIN ANALYZE SELECT * FROM orders\nWHERE user_id = 123\nORDER BY created_at DESC\nLIMIT 10;\n\n-- Look for: Seq Scan (bad), Index Scan (good)\n\n\nStep 3: Generate index migrations\n\npython scripts/database_migration_tool.py --connection $DATABASE_URL \\\n --suggest-indexes --output migrations/\n\n\nStep 4: Test migration (dry-run)\n\npython scripts/database_migration_tool.py --connection $DATABASE_URL \\\n --migrate migrations/add_indexes.sql --dry-run\n\n\nStep 5: Apply and verify\n\n# Apply migration\npython scripts/database_migration_tool.py --connection $DATABASE_URL \\\n --migrate migrations/add_indexes.sql\n\n# Verify improvement\npython scripts/database_migration_tool.py --connection $DATABASE_URL --analyze\n\nSecurity Hardening Workflow\n\nUse when preparing an API for production or after a security review.\n\nStep 1: Review authentication setup\n\n// Verify JWT configuration\nconst jwtConfig = {\n secret: process.env.JWT_SECRET, // Must be from env, never hardcoded\n expiresIn: '1h', // Short-lived tokens\n algorithm: 'RS256' // Prefer asymmetric\n};\n\n\nStep 2: Add rate limiting\n\nimport rateLimit from 'express-rate-limit';\n\nconst apiLimiter = rateLimit({\n windowMs: 15 * 60 * 1000, // 15 minutes\n max: 100, // 100 requests per window\n standardHeaders: true,\n legacyHeaders: false,\n});\n\napp.use('/api/', apiLimiter);\n\n\nStep 3: Validate all inputs\n\nimport { z } from 'zod';\n\nconst CreateUserSchema = z.object({\n email: z.string().email().max(255),\n name: \"zstringmin1max100\"\n age: z.number().int().positive().optional()\n});\n\n// Use in route handler\nconst data = CreateUserSchema.parse(req.body);\n\n\nStep 4: Load test with attack patterns\n\n# Test rate limiting\npython scripts/api_load_tester.py https://api.example.com/login \\\n --concurrency 200 --duration 10 --expect-rate-limit\n\n# Test input validation\npython scripts/api_load_tester.py https://api.example.com/users \\\n --method POST \\\n --body '{\"email\": \"not-an-email\"}' \\\n --expect-status 400\n\n\nStep 5: Review security headers\n\nimport helmet from 'helmet';\n\napp.use(helmet({\n contentSecurityPolicy: true,\n crossOriginEmbedderPolicy: true,\n crossOriginOpenerPolicy: true,\n crossOriginResourcePolicy: true,\n hsts: { maxAge: 31536000, includeSubDomains: true },\n}));\n\nReference Documentation\nFile\tContains\tUse When\nreferences/api_design_patterns.md\tREST vs GraphQL, versioning, error handling, pagination\tDesigning new APIs\nreferences/database_optimization_guide.md\tIndexing strategies, query optimization, N+1 solutions\tFixing slow queries\nreferences/backend_security_practices.md\tOWASP Top 10, auth patterns, input validation\tSecurity hardening\nCommon Patterns Quick Reference\nREST API Response Format\n{\n \"data\": { \"id\": 1, \"name\": \"John\" },\n \"meta\": { \"requestId\": \"abc-123\" }\n}\n\nError Response Format\n{\n \"error\": {\n \"code\": \"VALIDATION_ERROR\",\n \"message\": \"Invalid email format\",\n \"details\": [{ \"field\": \"email\", \"message\": \"must be valid email\" }]\n },\n \"meta\": { \"requestId\": \"abc-123\" }\n}\n\nHTTP Status Codes\nCode\tUse Case\n200\tSuccess (GET, PUT, PATCH)\n201\tCreated (POST)\n204\tNo Content (DELETE)\n400\tValidation error\n401\tAuthentication required\n403\tPermission denied\n404\tResource not found\n429\tRate limit exceeded\n500\tInternal server error\nDatabase Index Strategy\n-- Single column (equality lookups)\nCREATE INDEX idx_users_email ON users(email);\n\n-- Composite (multi-column queries)\nCREATE INDEX idx_orders_user_status ON orders(user_id, status);\n\n-- Partial (filtered queries)\nCREATE INDEX idx_orders_active ON orders(created_at) WHERE status = 'active';\n\n-- Covering (avoid table lookup)\nCREATE INDEX idx_users_email_name ON users(email) INCLUDE (name);\n\nCommon Commands\n# API Development\npython scripts/api_scaffolder.py openapi.yaml --framework express\npython scripts/api_scaffolder.py src/routes/ --generate-spec\n\n# Database Operations\npython scripts/database_migration_tool.py --connection $DATABASE_URL --analyze\npython scripts/database_migration_tool.py --connection $DATABASE_URL --migrate file.sql\n\n# Performance Testing\npython scripts/api_load_tester.py https://api.example.com/endpoint --concurrency 50\npython scripts/api_load_tester.py https://api.example.com/endpoint --compare baseline.json" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/alirezarezvani/senior-backend", "publisherUrl": "https://clawhub.ai/alirezarezvani/senior-backend", "owner": "alirezarezvani", "version": "2.1.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/senior-backend", "downloadUrl": "https://openagent3.xyz/downloads/senior-backend", "agentUrl": "https://openagent3.xyz/skills/senior-backend/agent", "manifestUrl": "https://openagent3.xyz/skills/senior-backend/agent.json", "briefUrl": "https://openagent3.xyz/skills/senior-backend/agent.md" } }