Axum Code Review
v1.0.1Reviews axum web framework code for routing patterns, extractor usage, middleware, state management, and error handling. Use when reviewing Rust code that us...
⭐ 0· 113·1 current·1 all-time
byKevin Anderson@anderskev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, and included reference files (routing, middleware, extractors) align with a Rust Axum code-review skill. The checklist and severity calibration match expected reviewer tasks. The skill does not declare unrelated binaries, env vars, or configs.
Instruction Scope
Runtime instructions are limited to reviewing Cargo.toml, routing, extractors, state, middleware, and error handling — all within the declared domain. One instruction says: "Load and follow beagle-rust:review-verification-protocol before reporting any issue." That is ambiguous (unspecified how/where to load it) and could imply fetching an external protocol or internal policy; the SKILL.md does not provide details. Otherwise there are no instructions to read unrelated system files, env vars, or to transmit data to external endpoints.
Install Mechanism
No install spec and no code files that would be written to disk. This is instruction-only, which is the lowest install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The review guidance references common Rust/aXum crates but does not request secrets or unrelated credentials.
Persistence & Privilege
always:false (not force-included) and no claims to modify other skills or system-wide configuration. The skill does not request persistent presence or elevated privileges.
Assessment
This skill appears coherent and low-risk: it contains only review guidance and reference docs for Axum/Rust and does not request secrets or installs. Two practical checks before using it: (1) The SKILL.md asks you to "Load and follow beagle-rust:review-verification-protocol" but doesn't say where that protocol lives — verify what that protocol is and whether following it will require the agent to fetch anything from the network or to send your findings elsewhere. (2) Decide what code you allow the agent to inspect — the skill is a reviewer, so it will examine whatever code you provide; avoid sending private keys or unrelated sensitive files. If you need absolute isolation, run the review locally/offline or inspect the verification protocol before invoking the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97ejxeb8qjcj25dbg9wxz003d84q9s1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.