ClawHub

12 Factor Apps Analysis

v1.1.1

perform 12-Factor App compliance analysis on a codebase

0· 35·0 current·0 all-time
byKevin Anderson@anderskev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (12‑Factor compliance analysis) match the instructions: the skill reads a codebase, runs searches, collects file:line evidence, and produces recommendations. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to examine the target path (default: current working directory) and produce file:line evidence using grep/search patterns. That behavior is appropriate for the stated purpose, but it means the skill will access all files in the provided directory (including any secrets or config files present). The skill also refers to another skill named `12-factor-apps` for search patterns; if that helper skill is missing or untrusted, results/behavior may be incomplete or depend on third-party logic.
Install Mechanism
Instruction-only; no install spec, no downloads, and no code files. This is the lowest-risk install profile and matches the skill's stated purpose.
Credentials
The skill declares no required environment variables, credentials, or config paths. Its request to read the repository is proportional to the analysis task.
Persistence & Privilege
The skill is not marked always:true and model invocation is disabled (disable-model-invocation: true), so it cannot be invoked autonomously; it does not request persistent system presence or modify other skills' configurations.
Assessment
This skill appears coherent and appropriate for auditing a repository for 12‑Factor compliance. Before running it, point it at the correct project directory (don't point it at your whole home or root filesystem), and be aware it will read all files under that path — any secrets or private config in the repository may be included in the output. Also confirm you trust the referenced helper skill `12-factor-apps` (if present) because the SKILL.md delegates search patterns to it; if that helper isn't available, results may be incomplete. If you are analyzing sensitive code, run the skill in an isolated environment or remove/rotate secrets before analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk971302n29677r1z0j1wndc51n83xs5d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments