cachelint

v1.0.1

Caching anti-pattern analyzer -- detects Redis/Memcached misuse, TTL problems, cache invalidation failures, stampedes, architecture issues, and security hygi...

⭐ 0· 77·0 current·0 all-time

by@suhteevah

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for suhteevah/cachelint.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "cachelint" (suhteevah/cachelint) from ClawHub.
Skill page: https://clawhub.ai/suhteevah/cachelint
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: git, bash, python3, jq
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cachelint

ClawHub CLI

Package manager switcher

npx clawhub@latest install cachelint

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the shipped scripts and patterns: the bundle contains a regex-based scanner (patterns.sh), dispatcher/analyzer to run scans, and lefthook integration for git hooks. Declared requirements (git, bash, python3, jq) are reasonable for file discovery, parsing JSON, and hook installation. The brew install of lefthook aligns with the provided lefthook.yml and hooks-install logic.

ℹ

Instruction Scope

Runtime instructions and scripts operate locally: they discover files, run grep-based pattern matching, compute scores, and produce text/json/html reports. The skill reads ~/.openclaw/openclaw.json (declared in metadata) to retrieve a license key and can source its own scripts during git hooks. This is expected, but the hook mechanism will source pattern/analyzer code during commits/pushes, so installing hooks gives the skill a persistent action on repo operations.

✓

Install Mechanism

Install spec only requests installing lefthook via Homebrew (a known tool) rather than fetching arbitrary archives or running remote installers. The skill's own files are provided in the package (no external code download at runtime). The lefthook install step will write to the repository's lefthook.yml and run lefthook install — expected for git hook integration.

ℹ

Credentials

Primary credential CACHELINT_LICENSE_KEY is declared and used only for unlocking paid tiers — proportional to the product. The license module reads ~/.openclaw/openclaw.json to find a key (declared in metadata). One additional env var (CLAWHUB_JWT_SECRET) appears in the license module as an optional HMAC verification secret but is not declared in the skill metadata; it's optional and only used to verify JWT signatures if set.

ℹ

Persistence & Privilege

always:false and model invocation is allowed (default). The notable persistence is git-hook integration: installing hooks writes/edits lefthook.yml in repositories and runs lefthook install so the scanner can run automatically on pre-commit/pre-push. This is expected for tools that guard commits, but users should be aware hooks will execute the skill's code during normal git operations.

Assessment

What to consider before installing: - Function: CacheLint appears to be a local, regex-based caching anti-pattern scanner — the scripts run locally and there are no network calls in the provided code. - License/key: Pro/Team features require a CACHELINT_LICENSE_KEY. The tool will also try to read ~/.openclaw/openclaw.json for a stored key; if you keep secrets in that file, the skill will read them to find the license. If you do NOT want the tool to access that file, avoid setting the license or remove the entry. - Optional secret: The license verifier optionally looks for CLAWHUB_JWT_SECRET (not declared in metadata) to verify JWT signatures if you set it; you don't need to set this for normal use. - Git hooks: Installing hooks will write/modify lefthook.yml in your repo and run lefthook install so the scanner runs on commit/push; consider whether you want automatic scans blocking commits and verify the hooked commands source the skill from a path you control (CACHELINT_SKILL_DIR defaults to $HOME/.openclaw/skills/cachelint). - lefthook install: The install spec only requests installing lefthook via Homebrew. If you prefer more control, install lefthook separately and run the skill's hooks install command yourself. - Audit before use: Because the scanner sources scripts into hook execution, review the shipped scripts (patterns.sh, analyzer.sh, dispatcher.sh, license.sh) in-place (they are included in this package) to be comfortable with what will run on commit/push. Overall recommendation: behavior is consistent with the claimed purpose. If you accept local reading of ~/.openclaw/openclaw.json and automatic git hooks, the skill is coherent; otherwise restrict license placement and skip hook installation.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🗄️ Clawdis

OSmacOS · Linux · Windows

Binsgit, bash, python3, jq

Primary envCACHELINT_LICENSE_KEY

Install

Install lefthook (git hooks manager)

Bins: lefthook

brew install lefthook

latestvk977bzprg2gpaj4d6v09xk4ba184tspn

77downloads

0stars

1versions

Updated 1w ago

v1.0.1

MIT-0

macOS, Linux, Windows

CacheLint -- Caching Anti-Pattern Analyzer

CacheLint scans codebases for application-level caching anti-patterns: Redis/Memcached misuse, missing cache invalidation after writes, TTL problems, cache stampede risks, architecture issues, and security hygiene gaps. It uses regex-based pattern matching against 90 caching-specific patterns across 6 categories, lefthook for git hook integration, and produces markdown reports with actionable remediation guidance. 100% local. Zero telemetry.

Note: CacheLint focuses on application-level caching (Redis calls, Memcached operations, local cache usage, invalidation logic, TTL management). It does NOT analyze HTTP cache headers.

Commands

Free Tier (No license required)

`cachelint scan [file|directory]`

One-shot caching quality scan of files or directories.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [target]

What it does:

Accepts a file path or directory (defaults to current directory)
Discovers all source files (skips .git, node_modules, binaries, images, .min.js)
Runs 30 caching patterns against each file (free tier limit)
Calculates a caching quality score (0-100) per file and overall
Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (<60)
Outputs findings with: file, line number, check ID, severity, description, recommendation
Exit code 0 if score >= 70, exit code 1 if caching quality is poor
Free tier limited to first 30 patterns (CI + TE categories)

Example usage scenarios:

"Scan my code for caching issues" -> runs cachelint scan .
"Check this file for cache anti-patterns" -> runs cachelint scan src/cache-service.ts
"Find missing cache invalidation" -> runs cachelint scan src/
"Audit cache TTL settings" -> runs cachelint scan .
"Check for Redis misuse" -> runs cachelint scan .

Pro Tier ($19/user/month -- requires CACHELINT_LICENSE_KEY)

`cachelint scan --tier pro [file|directory]`

Extended scan with 60 patterns covering invalidation, TTL, stampede, and Redis misuse.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [target] --tier pro

What it does:

Validates Pro+ license
Runs 60 caching patterns (CI, TE, CS, RM categories)
Detects cache stampede risks and Redis anti-patterns
Identifies KEYS * usage, missing pipelines, unbounded lists
Full category breakdown reporting

`cachelint scan --format json [directory]`

Generate JSON output for CI/CD integration.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format json

`cachelint scan --format html [directory]`

Generate HTML report for browser viewing.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format html

`cachelint scan --category CS [directory]`

Filter scan to a specific check category (CI, TE, CS, RM, CA, SH).

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --category CS

Team Tier ($39/user/month -- requires CACHELINT_LICENSE_KEY with team tier)

`cachelint scan --tier team [directory]`

Full scan with all 90 patterns across all 6 categories including architecture and security.

How to execute:

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --tier team

What it does:

Validates Team+ license
Runs all 90 patterns across 6 categories
Includes cache architecture checks (N+1 gets, mixed strategies, no abstraction)
Includes security & hygiene (PII in keys, missing TLS, no encryption)
Full category breakdown with per-file results

`cachelint scan --verbose [directory]`

Verbose output showing every matched line and pattern details.

bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --verbose

`cachelint status`

Show license and configuration information.

bash "<SKILL_DIR>/scripts/dispatcher.sh" status

Check Categories

CacheLint detects 90 caching anti-patterns across 6 categories:

Category	Code	Patterns	Description	Severity Range
Cache Invalidation	CI	15	Missing invalidation after writes, stale data, wrong write ordering	medium -- critical
TTL & Expiry	TE	15	Missing TTL, infinite cache, no jitter, hardcoded magic numbers	low -- high
Cache Stampede	CS	15	No lock on miss, thundering herd, missing singleflight, no stale-while-revalidate	low -- critical
Redis/Store Misuse	RM	15	KEYS *, FLUSHALL, no pipeline, missing pooling, synchronous calls	low -- critical
Cache Architecture	CA	15	N+1 gets, no abstraction, mixed strategies, no error fallback	low -- high
Security & Hygiene	SH	15	PII in keys, no TLS, missing encryption, no monitoring, key injection	low -- critical

Tier-Based Pattern Access

Tier	Patterns	Categories
Free	30	CI, TE
Pro	60	CI, TE, CS, RM
Team	90	CI, TE, CS, RM, CA, SH
Enterprise	90	CI, TE, CS, RM, CA, SH + priority support

Scoring

CacheLint uses a deductive scoring system starting at 100 (perfect):

Severity	Point Deduction	Description
Critical	-25 per finding	Severe risk (stampede, KEYS *, FLUSHALL, wrong write order)
High	-15 per finding	Significant problem (missing invalidation, no TTL, N+1 gets)
Medium	-8 per finding	Moderate concern (no jitter, missing pooling, mixed strategies)
Low	-3 per finding	Informational / best practice suggestion

Grading Scale

Grade	Score Range	Meaning
A	90-100	Excellent caching quality
B	80-89	Good caching with minor issues
C	70-79	Acceptable but needs improvement
D	60-69	Poor caching quality
F	Below 60	Critical caching problems

Pass threshold: 70 (Grade C or better)
Exit code 0 = pass (score >= 70)
Exit code 1 = fail (score < 70)

Configuration

Users can configure CacheLint in ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "cachelint": {
        "enabled": true,
        "apiKey": "YOUR_LICENSE_KEY_HERE",
        "config": {
          "severityThreshold": "medium",
          "ignorePatterns": ["**/test/**", "**/fixtures/**", "**/*.test.*"],
          "ignoreChecks": [],
          "reportFormat": "text"
        }
      }
    }
  }
}

Important Notes

Free tier works immediately with no configuration
All scanning happens locally -- no code is sent to external servers
License validation is offline -- no phone-home or network calls
Pattern matching only -- no AST parsing, no external dependencies beyond bash
Supports scanning all file types in a single pass
Git hooks use lefthook which must be installed (see install metadata above)
Exit codes: 0 = pass (score >= 70), 1 = fail (for CI/CD integration)
Output formats: text (default), json, html

Error Handling

If lefthook is not installed and user tries hooks, prompt to install it
If license key is invalid or expired, show clear message with link to https://cachelint.pages.dev/renew
If a file is binary, skip it automatically with no warning
If no scannable files found in target, report clean scan with info message
If an invalid category is specified with --category, show available categories

When to Use CacheLint

The user might say things like:

"Scan my code for caching issues"
"Check my cache invalidation logic"
"Find missing TTL on cache entries"
"Detect cache stampede risks"
"Are there any Redis anti-patterns?"
"Check for KEYS * usage in production code"
"Audit my caching architecture"
"Find security issues in cache usage"
"Check for PII in cache keys"
"Scan for missing cache invalidation"
"Run a caching quality audit"
"Generate a cache health report"
"Check if my Redis calls use pipelines"
"Find N+1 cache get patterns"
"Check my code for cache stampede vulnerabilities"

Comments

Loading comments...