Install
openclaw skills install @nickflach/adversarial-design-reviewCritically examine risky system designs with specialist agents before coding to identify real failure scenarios and fixes in hardware, concurrency, formats,...
openclaw skills install @nickflach/adversarial-design-reviewA structured way to find the blockers in a risky design before you write a line of it — by spinning up a small panel of specialist agents that each attack the design from a different angle, hunting concrete failure scenarios with specific fixes. You then reconcile their findings, apply the real gaps, and implement with confidence.
The payoff is asymmetric: attacking a design (a paragraph) costs minutes; discovering the same flaw after it ships in a device driver or an on-disk format costs hours of headless debugging — or silent data loss. It also validates the load-bearing choices, so you don't waste time second-guessing code that is already correct.
This is not a code review (the code doesn't exist yet). It is a design review, run adversarially, in parallel, before implementation.
Use it before implementing anything hard to debug or hard to reverse:
Skip it for routine, easily-reversible code (a CRUD handler, a config change, a UI tweak): the reconciliation overhead isn't worth it. Reserve it for the pieces where being wrong is expensive.
Capture the design as a concrete plan an attacker can bite: the exact register sequence, the struct layout, the buffer sizes, the ordering, the gate strings. Include the environment facts an attacker needs (single CPU vs SMP, interrupts on/off in this context, what the emulator/hardware guarantees, existing prior-art files to read). Vague designs get vague attacks.
Spawn 2–4 specialists with the Workflow tool, each attacking the same
design from a different lens. Every agent should:
Pick lenses from the catalog below by what the design touches. A
ready-to-run script template is in
resources/attack-workflow.template.js.
Read every finding. For each:
The agents will often confirm most of your choices and surface one or two genuine gaps. That confirmation is a feature: it tells you the risky code is sound and you can implement without hesitation.
Build it, then prove each behavior with a test that greps a real runtime signal (a boot-log line, a captured packet, a readback) — not just a unit test. And make the feature degrade honestly when its hardware/dependency is absent, gated on both sides (present and absent).
The same panel pattern works after implementation, over the diff, to catch what slipped through — a find → adversarially-verify pipeline where skeptics try to refute each finding before it's believed.
Pick the lenses the design actually touches:
Applied while building flaukowski/QuantumOS into a functional OS (2026), pre-implementation attacks caught real blockers that would each have been painful to find post-ship:
CACHE FLUSH issued while the drive was still BSY from
the write — silently a no-op under the emulator, illegal on real
hardware. Fix: complete the write handshake first, then one flush per run.Each of these was a paragraph in a design brief, killed in minutes, instead of a heisenbug in a headless emulator.
The review is strongest alongside three habits it assumes:
See resources/attack-workflow.template.js
for a copy-paste Workflow script, and
docs/PLAYBOOK.md for the longer field guide with more
lens prompts and reconciliation examples.