ClawHub

Combine Code Review

v1.2.1

Reviews Combine framework code for memory leaks, operator misuse, and error handling. Use when reviewing code with import Combine, AnyPublisher, @Published,...

0· 178·1 current·1 all-time
byKevin Anderson@anderskev

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for anderskev/combine-code-review.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Combine Code Review" (anderskev/combine-code-review) from ClawHub.
Skill page: https://clawhub.ai/anderskev/combine-code-review
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install combine-code-review

ClawHub CLI

Package manager switcher

npx clawhub@latest install combine-code-review
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description focus on Combine code review and all required artifacts (SKILL.md and several reference markdown files) are consistent with that purpose. The skill requests no binaries, env vars, or configs — proportional to a lint/review helper.
Instruction Scope
SKILL.md gives concrete, bounded instructions for analyzing Combine snippets (what to check, how to report file:line, when to ask for surrounding context). It does not instruct the agent to read unrelated system files, call external endpoints, or exfiltrate data. The requirement to ask for surrounding storage when uncertain is appropriate for accurate reviews and is not over-broad.
Install Mechanism
No install spec and no code files to execute; this is instruction-only, which minimizes on-disk risk.
Credentials
The skill declares no environment variables, credentials, or config-path requirements, matching its role as a static code-review guide.
Persistence & Privilege
always:false and normal model invocation settings. The skill does not request persistent system presence or modification of other skills or agent-wide configs.
Assessment
This instruction-only skill appears coherent and low-risk: it only guides the agent to inspect Combine code snippets and cite lines when flagging issues. Before using, avoid pasting sensitive secrets or private credentials into any code you submit for review. The skill can be invoked autonomously by the agent (default), so review its output before acting on high-risk changes and limit the code you send to only what’s necessary for the review.

Like a lobster shell, security has layers — review code before you run it.

latestvk973zstt2hd4sby56hxxjvkk6s85bpj6
178downloads
0stars
2versions
Updated 6d ago
v1.2.1
MIT-0
Kevin Anderson@anderskev
latest
Download

Combine Code Review

Quick Reference

Issue TypeReference
Publishers, Subjects, AnyPublisherreferences/publishers.md
map, flatMap, combineLatest, switchToLatestreferences/operators.md
AnyCancellable, retain cycles, [weak self]references/memory.md
tryMap, catch, replaceError, Neverreferences/error-handling.md

Review Checklist

  • All sink closures use [weak self] when self owns cancellable
  • No assign(to:on:self) usage (use assign(to: &$property) or sink)
  • All AnyCancellables stored in Set or property (not discarded)
  • Subjects exposed as AnyPublisher via eraseToAnyPublisher()
  • flatMap used correctly (not when map + switchToLatest needed)
  • Error handling inside flatMap to keep main chain alive
  • tryMap followed by mapError to restore error types
  • receive(on: DispatchQueue.main) before UI updates
  • PassthroughSubject for events, CurrentValueSubject for state
  • Future wrapped in Deferred when used with retry

When to Load References

  • Reviewing Subjects or publisher selection → publishers.md
  • Reviewing operator chains or combining publishers → operators.md
  • Reviewing subscriptions or memory issues → memory.md
  • Reviewing error handling or try* operators → error-handling.md

Hard gates (before you report findings)

Complete in order. Do not skip ahead while a prior gate is open.

  1. ScopePass: You name at least one file or type under review that imports Combine or uses APIs from the Quick Reference (e.g. AnyPublisher, @Published, PassthroughSubject). If none apply, stop with “out of scope.”
  2. Subscription retentionPass: For each sink, assign, and store(in:) in scope, you state where the AnyCancellable is retained (property, Set, task lifetime) or mark ephemeral with a one-line reason (e.g. synchronous one-shot that cannot outlive caller). If you cannot tell from the snippet, say unknown and ask for surrounding storage, do not assume safe.
  3. Retain-cycle claimPass: Confirmed leak findings state the capture chain (e.g. self → stored cancellable → closure strongly capturing self). Label suspected cases risk / verify, not confirmed leaks. When arguing safety, cite [weak self], [unowned self], or non-capturing patterns you relied on.
  4. UI / main threadPass: For updates to UIKit/SwiftUI from a chain, you either point to receive(on: DispatchQueue.main), @MainActor, or equivalent before the UI work, or flag missing scheduling with file:line.
  5. Severity and checklistPass: Every high or critical item includes file:line (or exact pasted lines) and names which Review Checklist row it breaks. Lower-severity notes may omit line numbers but must still be reproducible from named files.

Review Questions

  1. Are all subscriptions being retained? (Check for discarded AnyCancellables)
  2. Could any sink or assign create a retain cycle with self?
  3. Does flatMap need to be switchToLatest for search/autocomplete?
  4. What happens when this publisher fails? (Will it kill the main chain?)
  5. Are error types preserved or properly mapped after try* operators?

Comments

Loading comments...