Nm Pensive Blast Radius

v1.0.0

Analyze the blast radius of code changes with risk scoring. Shows affected nodes, untested functions, and review priorities using the code knowledge graph.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to compute blast radius using a code knowledge graph and its runtime instructions actually attempt graph queries, fall back to cross-file tracing tools, and use git diffs — these are appropriate for the stated purpose.
Instruction Scope
Instructions stay within codebase analysis (git, rg/grep, sem) and optionally invoke a local gauntlet graph_query.py; this is expected, but the skill explicitly runs code found under ~/.claude/plugins which is arbitrary local code and should be trusted/inspected before executing.
Install Mechanism
No install spec or external downloads — instruction-only. That lowers installation risk; the only runtime risk is executing existing local tooling (python3, sem, rg) if present.
Credentials
The skill does not request environment variables or external credentials. However it will read and execute a Python script from the user's ~/.claude/plugins path and scan the repository files; these operations are proportional to impact analysis but require trusting local plugin code.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges or modify other skills. It runs only when invoked and performs local analysis commands.
Scan Findings in Context
[no-regex-findings] expected: The package is instruction-only with no code files, so the regex-based scanner had nothing to analyze — this is expected but leaves runtime behavior determined entirely by the SKILL.md steps.
Assessment
This skill appears to do what it says: it inspects git changes and (when available) queries a local code-graph tool. Before using it, ensure any local tooling it runs is trustworthy: verify the contents of ~/.claude/plugins/gauntlet/graph_query.py (or equivalent), and be cautious about running unknown Python/CLI tools. If you prefer safety, run the commands in a disposable container or inspect outputs manually instead of auto-executing the suggested scripts. If you don't have the gauntlet plugin or sem installed, the fallback grep/rg approach is less powerful but avoids executing third-party Python code.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

🦞 Clawdis
