Fastapi Code Review
v1.1.0
Reviews FastAPI code for routing patterns, dependency injection, validation, and async handlers. Use when reviewing FastAPI apps, checking APIRouter setup, D...
by Kevin Anderson @anderskev
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the content: the skill is purely a guidance/checklist for reviewing FastAPI routing, dependencies, validation, and async usage. It declares no binaries, env vars, or install steps — which is appropriate for an instruction-only review helper.
Instruction Scope
SKILL.md and included reference docs constrain checks to FastAPI source patterns (routes, Depends, Pydantic, async anti-patterns). The instructions do not ask the agent to read system files, env vars, or transmit data externally. One minor issue: the SKILL.md says to load a review-verification-protocol at ../review-verification-protocol/SKILL.md before reporting findings, but that file is not included in the provided manifest — this is an operational/doc omission, not a security concern, but it could cause the agent to look for or expect external content.
Install Mechanism
No install spec and no code files are executed — the skill is instruction-only. This is the lowest-risk pattern for skills.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportional for a static code-review checklist.
Persistence & Privilege
always is false and the skill is user-invocable. There is no indication it requests permanent presence or modifies other skills or system settings.
Assessment
This skill is an offline, instruction-only checklist for reviewing FastAPI apps and appears internally consistent. Before installing or using it: 1) confirm the referenced review-verification-protocol exists in your environment (SKILL.md points to ../review-verification-protocol/SKILL.md but that file wasn't included); 2) understand the checklist is opinionated (e.g., it prefers async handlers and response_model everywhere) and may produce false positives for apps intentionally using sync handlers or different patterns; 3) the skill does not request credentials or install code, but when you run reviews, avoid having the agent automatically send your source code to external endpoints — this skill's docs don't instruct any external transmission, but your agent's runtime could be configured to do so; 4) if you want stricter guarantees, run the checklist locally on a sample repository first to see what it flags.
Like a lobster shell, security has layers — review code before you run it.
