Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Pensive Makefile Review

v1.0.0

Audit Makefiles for build correctness, portability, and recipe duplication

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description and included modules align with a Makefile/audit tool. However, the runtime instructions invoke tools and scripts (rg/ripgrep, make, pytest, python scripts like makefile_dogfooder.py, imbue logging) while the registry metadata declares no required binaries — a proportionality mismatch (the skill implicitly needs those tools). The required config paths (night-market.pensive:shared, night-market.imbue:proof-of-work) are plausible for internal logging/hooks but should be documented.
Instruction Scope
SKILL.md tells the agent to run repository-scanning commands (pwd, git status, rg patterns, make -pn) which are normal for a review. But it also documents invoking scripts (makefile_dogfooder.py) with --apply and demo targets that 'must run ACTUAL functionality' which can execute code and modify files. It instructs use of 'imbue:proof-of-work' to record outputs (i.e., send/log results). There is nothing in the file restricting destructive actions or requiring dry-run approval before applying changes.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install risk. Nothing is downloaded or written by the skill bundle itself.
Credentials
No environment variables or credentials are requested, which limits remote exfiltration risk. The skill does declare two required config paths (night-market.pensive:shared, night-market.imbue:proof-of-work) which appear to be platform hooks; their purpose should be clarified. The larger concern is undeclared tool dependencies (rg, pytest, python, make) referenced by instructions.
Persistence & Privilege
always:false and no install steps — the skill does not request permanent inclusion or privileged agent-wide settings. It does include actions (apply/generate Makefile targets) that could change repository contents when invoked, but this is within the scope of a Makefile authoring/review tool rather than an attempt to persist itself.
What to consider before installing
This skill appears to be a genuine Makefile auditing guide, but take these precautions before running it:

  1. Confirm the platform config hooks (night-market.pensive:shared and night-market.imbue:proof-of-work) and what data they receive.
  2. Ensure required tools (ripgrep/rg, make, python, pytest, etc.) exist and are the versions you expect — the skill does not declare them.
  3. Treat any 'apply' or demo steps as potentially modifying or executing repository code: run in a safe environment or only run dry-run/test modes (e.g., avoid --apply, use make -n, run generated targets inside an isolated container).
  4. Inspect any helper scripts (makefile_dogfooder.py or similar) before allowing them to run.
  5. If you need higher assurance, ask the maintainer to add an explicit list of required binaries, an explicit dry-run-first policy, and clearer documentation of what the imbue:proof-of-work hook transmits.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
Config: night-market.pensive:shared, night-market.imbue:proof-of-work
latest: vk97a4805c95pp6zsyerbx32mc584w6s7
MIT-0

Night Market Skill — ported from claude-night-market/pensive. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Testing

Run pytest plugins/pensive/tests/skills/test_makefile_review.py to verify review logic.

Makefile Review Workflow

Audit Makefiles for best practices, deduplication, and portability.

Quick Start

/makefile-review

When To Use

  • Makefile changes or additions
  • Build system optimization
  • Portability improvements
  • CI/CD pipeline updates
  • Developer experience improvements

When NOT To Use

  • Creating new Makefiles - use abstract:make-dogfood
  • Architecture review - use architecture-review

Required TodoWrite Items

  1. makefile-review:context-mapped
  2. makefile-review:dependency-graph
  3. makefile-review:dedup-candidates
  4. makefile-review:tooling-alignment
  5. makefile-review:evidence-logged

Workflow

Step 1: Map Context (makefile-review:context-mapped)

Confirm baseline:

pwd && git status -sb && git diff --stat

Verification: Run git status to confirm working tree state.

Find Make-related files:

rg -n "^include" -g'Makefile*'
rg --files -g '*.mk'

Document changed targets, project goals, and tooling requirements.

Step 2: Dependency Graph (makefile-review:dependency-graph)

@include modules/dependency-graph.md

Step 3: Deduplication Audit (makefile-review:dedup-candidates)

@include modules/deduplication-patterns.md

Step 4: Portability Check (makefile-review:tooling-alignment)

@include modules/portability-checks.md

Step 5: Evidence Log (makefile-review:evidence-logged)

Use imbue:proof-of-work to record command outputs with file:line references.

Summarize findings:

  • Severity (critical, major, minor)
  • Expected impact
  • Suggested refactors
  • Owners and dates for follow-ups

Progressive Loading

Load additional context as needed:

Best Practices & Examples: @include modules/best-practices.md

Plugin Dogfood Checks: @include modules/plugin-dogfood-checks.md - Makefile completeness analysis, target generation, and dogfooding validation.

Output Format

## Summary
Makefile review findings

## Context
- Files reviewed: [list]
- Targets changed: [list]

## Dependency Analysis
[graph and issues]

## Duplication Candidates
### [D1] Repeated command
- Locations: [list]
- Recommendation: [pattern rule]

## Portability Issues
[cross-platform concerns]

## Missing Targets
- [ ] help
- [ ] format
- [ ] lint

## Recommendation
Approve / Approve with actions / Block

Exit Criteria

  • Context mapped
  • Dependencies analyzed
  • Deduplication reviewed
  • Portability checked
  • Evidence logged

Troubleshooting

Common Issues

No Makefile found: Ensure Makefile or *.mk files exist in the project root or specify paths explicitly.

Include directives not resolved: Run rg -n "^include" -g'Makefile*' to trace include chains manually.
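
One way to trace include chains statically, as an added example that is not part of the skill or its modules. It only reads files and never invokes make, so it fits a dry-run-first review. The function names and the MISSING / OPTIONAL-MISSING / CYCLE / UNRESOLVED labels are assumptions of this example.

```shell
#!/bin/sh
# Static include-chain tracer for Makefiles: reads files only, never runs make.
# Run from the directory make would be invoked in, since make resolves
# relative include paths against the working directory.
# All names here (list_includes, trace_includes, the labels) are constructed.

# list_includes FILE: print "<directive> <path>" for each included path.
list_includes() {
    awk '$1 == "include" || $1 == "-include" || $1 == "sinclude" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break      # stop at a trailing comment
            print $1, $i
        }
    }' "$1"
}

# trace_includes FILE [INDENT] [SEEN]: print the include tree under FILE.
# The function body is a subshell, so variables stay local to each level.
trace_includes() (
    file=$1 indent=${2:-} seen=${3:-}:$1
    printf '%s%s\n' "$indent" "$file"
    list_includes "$file" | while read -r kind inc; do
        case $inc in
            *'$'*)  # variable reference: cannot be resolved without running make
                printf '%s  UNRESOLVED %s\n' "$indent" "$inc"
                continue ;;
        esac
        for path in $inc; do          # unquoted on purpose: expands globs like *.mk
            if [ ! -f "$path" ]; then
                case $kind in
                    include) printf '%s  MISSING %s\n' "$indent" "$path" ;;
                    *)       printf '%s  OPTIONAL-MISSING %s\n' "$indent" "$path" ;;
                esac
            elif case ":$seen:" in *":$path:"*) true ;; *) false ;; esac; then
                printf '%s  CYCLE %s\n' "$indent" "$path"
            else
                trace_includes "$path" "$indent  " "$seen"
            fi
        done
    done
)

# Stand-alone use: sh trace_includes.sh Makefile
if [ "$#" -gt 0 ]; then trace_includes "$1"; fi
```

UNRESOLVED entries are the ones worth checking by hand, because their targets depend on variable values that only a make run would reveal.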
