ClawHub

pyproject.toml Validator

v1.0.0

Validate Python project pyproject.toml files against PEP 517/621 rules for project metadata, build system, and tool configurations with detailed reports.

0· 21·0 current·0 all-time
by@charlie-morrison
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description, SKILL.md usage examples, and the included Python script all focus on validating pyproject.toml (project, build-system, and tool.*). There are no unrelated binaries, cloud credentials, or unexplained dependencies requested.
Instruction Scope
SKILL.md directs the agent to run the included script against a provided pyproject.toml. The script (as inspected) parses TOML and applies static validation rules; it performs local file reads only and contains no network calls, subprocess execution, or instructions to read unrelated system configuration.
Install Mechanism
No install spec is provided (instruction-only with an included script). That minimizes disk-writing/install risk; the package will simply be run by the agent with Python.
Credentials
The skill declares no required environment variables or credentials, and the script does not reference secrets or external service tokens. Requested access is proportional to its function.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modifications to other skills or system-wide agent settings.
Assessment
This appears to be a straightforward pyproject.toml validator, but the source is unknown. Before running: (1) review the included script yourself (or run it in a sandbox/container) to confirm it only reads the intended file(s); (2) avoid pointing it at sensitive system files (use the project pyproject.toml); (3) run with a non-privileged user; and (4) prefer running this with a trusted copy of the tool or using a known, published validator if you need stronger provenance guarantees.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dp9h3x7xp1p22kqpwptrcv5855c9t
21downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@charlie-morrison
latest
Download

pyproject-toml-validator

Validate pyproject.toml files for Python projects against PEP 517/621 standards.

What it does

Checks your pyproject.toml for common mistakes across three areas:

  • [project] — name format (PEP 508), version, license (SPDX), classifiers, dependency specs, authors, dynamic fields
  • [build-system] — requires, build-backend validation, known backends
  • [tool.*] — ruff, mypy, pytest, black, isort section validation with tool-specific rules

Rules (30+)

CategoryRulesExamples
Project metadata (10)Missing name/version, invalid name format, unknown fields, malformed requires-python, unknown classifiers, empty authors, name in dynamicname = "My Package!" → invalid PEP 508 name
Dependencies (4)Duplicate deps, unpinned deps, overlapping optional groupsrequests and Requests both listed
Build system (4)Missing requires/build-backend, empty requires, unknown fieldsNo [build-system] table
Tool sections (12+)Ruff select/ignore overlap, mypy type mismatches, black/ruff conflict, isort/ruff conflict, unusual line lengths, invalid target versions[tool.ruff.lint] select = ["E501"] + ignore = ["E501"]

Output formats

  • text — human-readable with severity icons (❌ ⚠️ ℹ️)
  • json — structured with summary counts
  • summary — one-line PASS/WARN/FAIL

Exit codes

  • 0 — no errors (warnings/info allowed)
  • 1 — errors found (or --strict with any issue)
  • 2 — file not found or parse error

Commands

validate

Full validation of all sections.

python3 scripts/pyproject_validator.py validate pyproject.toml
python3 scripts/pyproject_validator.py validate --format json pyproject.toml
python3 scripts/pyproject_validator.py validate --strict pyproject.toml

project

Validate only the [project] table.

python3 scripts/pyproject_validator.py project pyproject.toml

build

Validate only [build-system].

python3 scripts/pyproject_validator.py build pyproject.toml

tools

Validate only [tool.*] sections (ruff, mypy, pytest, black, isort).

python3 scripts/pyproject_validator.py tools --min-severity warning pyproject.toml

Options

OptionValuesDefaultDescription
--formattext, json, summarytextOutput format
--min-severityerror, warning, infoinfoFilter by minimum severity
--strictflagoffExit 1 on any issue

Requirements

  • Python 3.11+ (uses tomllib from stdlib)
  • Falls back to built-in simple TOML parser on Python 3.10

Examples

# Quick check
python3 scripts/pyproject_validator.py validate pyproject.toml

# CI pipeline
python3 scripts/pyproject_validator.py validate --strict --format summary pyproject.toml

# Check only tool configs
python3 scripts/pyproject_validator.py tools --format json pyproject.toml

# Filter noise
python3 scripts/pyproject_validator.py validate --min-severity warning pyproject.toml

Comments

Loading comments...