Nm Pensive Api Review
v1.0.0Evaluate API surface design, consistency, documentation, and exemplar alignment
⭐ 0· 31·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description (API review, consistency, docs) matches the instructions and included modules, which enumerate ripgrep/git/cargo/sphinx/tsc/etc commands used to catalog and audit a codebase. The declared required config paths (night-market.pensive:shared and night-market.imbue:proof-of-work) are consistent with the skill's need to capture reproducible command output and structured formatting.
Instruction Scope
Instructions direct the agent to scan the repository (rg across src, check docs, run git status, generate docs, etc.) and to record executed commands in an evidence log. This is appropriate for an API audit, but it means the skill will read potentially all files in the working tree and capture command output. The SKILL.md does not instruct sending data to external endpoints beyond referencing internal 'imbue' modules.
Install Mechanism
There is no install spec or code to write to disk: the skill is instruction-only. Low-risk in terms of installation; it relies on host binaries being present (rg, git, cargo, sphinx, go, tsc, npx, yq, etc.) but does not provision or download additional software.
Credentials
The skill requests no environment variables or external credentials, which is proportional. It does declare two required config paths (night-market.pensive:shared and night-market.imbue:proof-of-work). These appear to be internal Night Market/imbue configuration hooks used for command capture and structured output; users should verify that those config entries do not expose unrelated secrets or grant broader access than intended.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges. Autonomous invocation is allowed (platform default) but there is no indication the skill attempts to modify other skills or global agent configuration.
Assessment
This skill is coherent for performing a repository-based API review: it will run local scanning commands and produce a structured evidence log. Before installing or invoking it, (1) confirm the two required config paths (night-market.pensive:shared and night-market.imbue:proof-of-work) are trustworthy and do not contain or grant access to secrets you don't want exposed; (2) avoid running this on repositories that contain sensitive secrets or credentials because the tool will read source/docs and record command output; (3) run it in a sandboxed environment or a checkout that strips secrets if you have concerns; and (4) ensure the host has the expected CLI tools available (rg, git, cargo, sphinx, tsc, etc.). Autonomous invocation is the platform default and not elevated here, but if you plan to allow the agent to run skills without supervision, review the evidence-capture settings so command outputs aren't exfiltrated outside your environment.Like a lobster shell, security has layers — review code before you run it.
latestvk9794e96zg5ea5taweng913cqs84t0kg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
Confignight-market.pensive:shared, night-market.imbue:proof-of-work