ClawHub

Arch Review

v1.0.0

Stress-test designs before they ship—constraints, trade-offs, failure modes, and ADR-worthy decisions. Use for ADRs, big refactors, new services, or when ‘it...

0· 61·0 current·0 all-time
by@codenova58
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (architecture review / ADR-style guidance) matches the SKILL.md content. The skill declares no binaries, env vars, config paths, or installs — which is appropriate for a purely advisory review aid.
Instruction Scope
SKILL.md contains only guidance for eliciting inputs and producing review outputs (risks, mitigations, open questions). It does not instruct the agent to read system files, access credentials, or send data to external endpoints. It does encourage asking for inputs; users should avoid pasting secrets or sensitive configs into the prompt.
Install Mechanism
No install spec and no code files are present. Being instruction-only means nothing is written to disk or fetched at install time—lowest installation risk.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate for an advisory architecture-review skill. Note: the skill expects users to provide architecture context; those inputs can be sensitive if they contain secrets or credentials, so users should sanitize before sharing.
Persistence & Privilege
Registry flags are default (always:false, agent-autonomy allowed by platform default). There's no request for permanent presence or system-wide config changes. Autonomous invocation is permitted by platform defaults but is not combined with other concerning privileges here.
Assessment
This skill is instruction-only and coherent with its purpose — low technical risk. Before using it, avoid pasting secrets, credentials, or sensitive infrastructure diagrams into prompts; provide sanitized goals, constraints, and incident summaries instead. Because the skill is just guidance text (no code), it won't install or run binaries, but any context you give the agent can be exposed in the agent's logs or outputs — only share what you're comfortable having reviewed. If you want extra safety, restrict use to interactive, user-invoked sessions rather than enabling broad autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d4gjanm8dj6fze7f6ydmqwh83qvqy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments