ClawHub

Nm Cartograph Call Chain

v1.0.0

Trace execution paths from entry points through the code knowledge graph. Shows call chains with criticality scores and generates Mermaid flowcharts

0· 64·1 current·1 all-time
by@athola
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (trace call chains via a code knowledge graph and produce Mermaid diagrams) matches the instructions which call a local gauntlet graph_query script or fall back to grep/rg and manual tree construction. Requested items (graph_query in ~/.claude/plugins, python3, ripgrep/grep) are appropriate for that purpose.
Instruction Scope
Instructions run local commands (find, python3 on a plugin script, rg/grep across the repository) and read local files/graph.db. This is expected for static and graph-based code analysis, but it does mean the skill will inspect files under your home directory and your code tree. The skill does not instruct any network exfiltration or external posting.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded or written to disk by the skill itself. This minimizes install-time risk.
Credentials
The skill declares no environment variables, credentials, or config paths beyond referencing a local plugin path (~/.claude/plugins) and optional graph.db. Those are proportionate to analysing a local code knowledge graph.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system privileges or modify other skills' configurations.
Assessment
This skill is coherent for tracing call chains, but it will run local commands and read files in your repository and ~/.claude/plugins. Before using it, (1) confirm you trust the gauntlet plugin if present (review graph_query.py), (2) be aware the fallback uses ripgrep/grep to scan source files (may reveal secrets if present in code), and (3) prefer running the suggested commands manually first to verify outputs. If you have sensitive files in your repo or plugin folder, review them or run in a controlled environment.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
latestvk977f9jz3qd4es2jf7e183eg5x84mss2
64downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@athola
latest
Download

Night Market Skill — ported from claude-night-market/cartograph. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Call Chain Tracing

Trace execution flows through the codebase using the code knowledge graph.

Prerequisites

This skill requires the gauntlet plugin for graph data. Discover it:

GRAPH_QUERY=$(find ~/.claude/plugins -name "graph_query.py" -path "*/gauntlet/*" 2>/dev/null | head -1)

If gauntlet is not installed: Fall back to static analysis. Use grep to trace function calls and build a Mermaid diagram manually from import/call patterns. Skip graph-specific steps.

If installed but no graph.db: Tell the user to run /gauntlet-graph build.

Steps

  1. Accept target: Get a function name or entry point from the user (or trace all entry points).

  2. Run flow tracing (requires gauntlet):

    python3 "$GRAPH_QUERY" --action flows --depth 15

    To filter by entry point:

    python3 "$GRAPH_QUERY" --action flows --entry "main"

    Fallback (no gauntlet): Trace calls with rg (or grep):

    # Prefer rg (ripgrep) for speed; fall back to grep
if command -v rg &>/dev/null; then
  rg -n "function_name\(" --type py . | head -20
else
  grep -rn "function_name(" --include="*.py" . | head -20
fi

    Build the call tree manually from search results.

  3. Display as indented tree:

    main() [criticality: 0.72]
  -> validate_input()
    -> parse_config()
  -> process_data()
    -> db.execute_query()
    -> cache.store()
  -> send_response()

  4. Generate Mermaid flowchart:

    flowchart LR
  main --> validate_input
  main --> process_data
  main --> send_response
  validate_input --> parse_config
  process_data --> db.execute_query
  process_data --> cache.store

  5. Show criticality breakdown:

    • File spread: how many files the flow touches
    • Security sensitivity: auth/crypto code in the path
    • Test coverage gaps: untested nodes in the flow

Criticality Scoring

FactorWeightMeaning
File spread0.30Touches many files
Security0.25Contains auth/crypto code
External calls0.20Unresolved dependencies
Test gap0.15Untested nodes in flow
Depth0.10Deep call chains

Comments

Loading comments...