ClawHub

Nm Attune Precommit Setup

v1.0.0

Configure pre-commit hooks for linting, type checking, formatting, and testing to enforce quality gates on every commit

0· 15·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the SKILL.md: instructions cover creating .pre-commit-config.yaml, per-component scripts, and hook configuration for Python/Rust/TypeScript. Nothing requested in the skill (no env vars, no binaries, no installs) is unrelated to setting up pre-commit hooks.
Instruction Scope
Instructions stay on-topic (creating configs, scripts, and running/validating hooks). The skill references external pre-commit hook repositories (GitHub URLs such as ruff, mypy, bandit) which implies that installing the hooks will download and execute code from those repos—this is normal for pre-commit workflows but worth auditing. No instructions ask the agent to read unrelated system files or secrets.
Install Mechanism
There is no install spec in the skill (instruction-only), so nothing is written to disk by the skill itself. However, following the instructions will cause pre-commit to fetch hook code from external sources (GitHub repos listed in the example config). That external fetch is expected but is the primary runtime action that results in code being placed and executed locally.
Credentials
The skill declares no required environment variables, credentials, or config paths. The documented hooks/tools (ruff, mypy, bandit, rustfmt, clippy, eslint, etc.) are appropriate for the stated quality tasks and do not require unrelated credentials.
Persistence & Privilege
The skill is not always-enabled, does not request elevated or persistent agent privileges, and does not modify other skills or system-wide agent settings. It simply instructs repository-local configuration changes.
Assessment
This skill is coherent and appears safe in purpose, but be aware that pre-commit installs will download and run code from the listed hook repositories (GitHub). Before enabling hooks: review and pin hook revisions, inspect any custom hook scripts you add, test hooks locally (they run in your environment), and consider CI integration to avoid blocking commits with long-running hooks. If your environment disallows external downloads or you have strict security policies, audit the referenced hook repos (especially security scanners like bandit) before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk972x3jqzg16s7ndj7ysy4wzx184j438

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis

Comments