simplify-and-harden
v1.0.1
Post-completion self-review for coding agents that runs simplify, harden, and micro-documentation passes on non-trivial code changes. Use when: a coding task...
by @pskoett
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: a bounded post-completion simplify/harden/document pass on modified source files. The skill requests no binaries, env vars, or config paths, which is proportional to the claimed functionality.
Instruction Scope
SKILL.md stays within the stated scope (only touch files modified in the task, 20% budget limit, 60s default time cap). However, it explicitly permits applying 'simple patches' automatically in interactive sessions and suggests the agent will determine diffs and make edits; that behavior can silently change user code if not monitored. Confirm your agent enforces the 'only modified files' rule, budget/time limits, and explicit approval for refactors/security refactors.
Install Mechanism
The registry lists this as an instruction-only skill with no install spec, yet SKILL.md shows an 'npx skills add pskoett/pskoett-ai-skills/simplify-and-harden' install command. That is a documentation/integration mismatch. Running the npx command would fetch external code (GitHub/npm), so inspect that package before executing it; the skill as published in the registry does not itself install code.
Credentials
No environment variables, credentials, or config paths are required. The lack of secret access is consistent with the skill's stated purpose.
Persistence & Privilege
The skill does not set 'always: true' and does not request persistent privileges. It recommends adding context snippets to agent configs in documentation, but those are manual actions by the operator and not automatic modifications of other skills or system-wide settings.
Assessment
This skill appears coherent and low-risk, but take these precautions before enabling it:
1) If you run the documented 'npx skills add' command, inspect the remote package (pskoett/pskoett-ai-skills) first — npx will fetch and run external code.
2) Be aware interactive mode can apply 'simple patches' automatically; if you want to review every change, disable automatic edits or run the CI-only variant.
3) Confirm your agent actually enforces the 'only modified files' and budget/time limits to avoid unintended edits to unrelated code.
4) Keep independent reviews in your workflow — the skill is explicitly a first-pass self-review, not a substitute for external review.
5) Try the skill on small, low-risk tasks first and verify generated diffs/commits before using it on critical repositories.

Like a lobster shell, security has layers — review code before you run it.
