ClawHub

Claude Config Linter

v0.1.0

Lint your Claude Code config for token waste. Checks CLAUDE.md, hooks, skills, and commands. Gives health score and actionable fixes. Use when user asks abou...

0· 23·0 current·0 all-time
bySingYee@singggggyee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md describes a Claude config linter and the instructions (reading ~/.claude/CLAUDE.md, settings.json, skills/, commands/ and running cclint) match that purpose. However, the registry metadata provided with the skill earlier lists no required config paths and no required binaries, while SKILL.md declares both config_paths and a required CLI (cclint). This metadata/instruction mismatch is likely an oversight but worth calling out.
Instruction Scope
Instructions explicitly require reading files under ~/.claude/ (CLAUDE.md, settings.json, skills/, commands/) which is exactly what a config linter needs. This is expected, but those paths can contain sensitive data (third-party skill tokens, webhook URLs, secrets stored by other skills). The skill claims 'runs offline, no network access' which is plausible for a local CLI linter, but you should confirm the cclint binary you run does not phone home.
Install Mechanism
This is an instruction-only skill with no install spec. It requires an external 'cclint' CLI; SKILL.md points to a GitHub repo for installation. That is reasonable, but because there's no automated install spec, users must install cclint themselves — verify the project's authenticity and review its install steps before running.
Credentials
The skill declares no environment variables or credentials and the work it performs (local linting of files) does not require additional secrets. No disproportionate credential requests are present.
Persistence & Privilege
The skill does not request always: true and makes no changes to other skills or global config in its instructions. Autonomous invocation is allowed by default (normal for skills) but not elevated here.
Scan Findings in Context
[no_regex_matches] expected: The static scanner found no code patterns because this is an instruction-only skill with no code files; that's expected but means there's no binary analysis to rely on.
Assessment
This skill appears to do what it says — lint your Claude configuration — but before installing or running it: 1) Confirm the cclint CLI you install is the legitimate project on the linked GitHub and inspect its README/install steps; 2) Review the files under ~/.claude/ yourself to see if they contain sensitive tokens you don't want read by tools; 3) Prefer running cclint locally in a controlled environment (or on a copy of your config) so you can inspect its behavior and JSON output; 4) Because the registry metadata omitted the declared config paths and the required CLI, treat that as a metadata quality issue and proceed only if you trust the author and the cclint project.

Like a lobster shell, security has layers — review code before you run it.

latestvk977xjt8ec1y6wtb2y6j40p87d847vnh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments