ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Attune Makefile Generation

v1.0.0

Generate Makefiles with testing, linting, formatting, and automation targets for new projects

0· 53·1 current·1 all-time
by@athola
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the instructions: detecting project language, rendering a Makefile template, and verifying with make are appropriate for a Makefile generator. However, the SKILL.md references template files at plugins/attune/templates and a Python import (template_engine) that are not present in this instruction-only package, so the skill as distributed is incomplete or expects external components.
Instruction Scope
Runtime steps only touch project files you'd expect (pyproject.toml, Cargo.toml, package.json) and write a Makefile; commands suggested (make --dry-run, make help) are within scope. There is no instruction to read unrelated system configuration or exfiltrate data. The only scope concern is the implicit requirement to access template resources and a template engine that the skill does not provide.
Install Mechanism
No install spec and no code files — lowest-risk distribution. Because nothing is downloaded or written by an installer, there is no install-time code execution risk from this package itself.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate for a Makefile generator.
Persistence & Privilege
always is false and there is no install or persistent configuration; the skill does not request elevated or persistent privileges.
Scan Findings in Context
[no_code_files_found] expected: The package is instruction-only (SKILL.md) and contains no code or templates for the template_engine or plugins/attune/templates path referenced in the instructions. This is expected for an instruction-only skill, but it creates an operational gap: the SKILL.md assumes external templates/components.
What to consider before installing
This skill is an instruction-only Makefile generator and does not include the template files or Python template_engine it references — it likely expects resources from the original claude-night-market/attune plugin or the 'Claude Code' plugin mentioned in the header. Before installing or allowing autonomous use: (1) Confirm where templates and the template engine come from (install the companion plugin or provide templates locally). (2) Test the skill in a disposable project to ensure it only reads project files (pyproject.toml, Cargo.toml, package.json) and writes the Makefile you expect. (3) Because no credentials are requested, credential exfiltration is not a concern here, but incomplete dependencies could cause the agent to attempt to install or import components at runtime — review any follow-up instructions the agent may receive and avoid granting broad system access. If you plan to enable autonomous invocation, ensure the missing templates/components are supplied from a trusted source.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
latestvk97cj2x57nrnxr87qfgqbb45vd84j2tw
53downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@athola
latest
Download

Night Market Skill — ported from claude-night-market/attune. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Table of Contents

Makefile Generation Skill

Generate a Makefile with standard development targets for Python, Rust, or TypeScript projects.

When To Use

  • Need a Makefile for a project without one
  • Want to update Makefile with new targets
  • Standardizing build automation across projects
  • Setting up development workflow commands
  • Creating language-specific build targets

When NOT To Use

  • Makefile already exists and is current
  • Project uses alternative build system exclusively (e.g., npm scripts only)
  • Complex custom build process that doesn't fit standard patterns
  • Use /attune:upgrade-project instead for updating existing Makefiles

Standard Targets

Python Makefile

Common targets:

  • help - Show available targets
  • install - Install dependencies with uv
  • lint - Run ruff linting
  • format - Format code with ruff
  • typecheck - Run mypy type checking
  • test - Run pytest
  • test-coverage - Run tests with coverage report
  • check-all - Run all quality checks
  • clean - Remove generated files and caches
  • build - Build distribution packages
  • publish - Publish to PyPI

Rust Makefile

Common targets:

  • help - Show available targets
  • fmt - Format with rustfmt
  • lint - Run clippy
  • check - Cargo check
  • test - Run tests
  • build - Build release binary
  • clean - Clean build artifacts

TypeScript Makefile

Common targets:

  • help - Show available targets
  • install - Install npm dependencies
  • lint - Run ESLint
  • format - Format with Prettier
  • typecheck - Run tsc type checking
  • test - Run Jest tests
  • build - Build for production
  • dev - Start development server

Workflow

1. Detect Language

# Check for language indicators
if [ -f "pyproject.toml" ]; then
    LANGUAGE="python"
elif [ -f "Cargo.toml" ]; then
    LANGUAGE="rust"
elif [ -f "package.json" ]; then
    LANGUAGE="typescript"
fi

Verification: Run the command with --help flag to verify availability.

2. Load Template

from pathlib import Path

template_path = Path("plugins/attune/templates") / language / "Makefile.template"

Verification: Run the command with --help flag to verify availability.

3. Collect Project Info

metadata = {
    "PROJECT_NAME": "my-project",
    "PROJECT_MODULE": "my_project",
    "PYTHON_VERSION": "3.10",
}

Verification: Run the command with --help flag to verify availability.

4. Render Template

from template_engine import TemplateEngine

engine = TemplateEngine(metadata)
engine.render_file(template_path, Path("Makefile"))

Verification: Run the command with --help flag to verify availability.

5. Verify

make help

Verification: Run make --dry-run to verify build configuration.

Customization

Users can add custom targets after the generated ones:

# ============================================================================
# CUSTOM TARGETS
# ============================================================================

deploy: build ## Deploy to production
	./scripts/deploy.sh

Verification: Run the command with --help flag to verify availability.

Related Skills

  • Skill(attune:project-init) - Full project initialization
  • Skill(abstract:makefile-dogfooder) - Makefile testing and validation

Troubleshooting

Common Issues

Command not found Ensure all dependencies are installed and in PATH

Permission errors Check file permissions and run with appropriate privileges

Unexpected behavior Enable verbose logging with --verbose flag

Comments

Loading comments...