ClawHub

Nm Pensive Shell Review

v1.0.0

Audit shell scripts for correctness, portability, and common pitfalls

0· 51·1 current·1 all-time
by@athola
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim to audit shell scripts and the SKILL.md contains only inspection and remediation guidance, grep/find detection patterns, and suggestions to run shellcheck — all directly relevant. The declared required config paths (night-market.pensive:shared and night-market.imbue:proof-of-work) map to documented evidence-logging behavior in the workflow and are plausible for a review/logging skill.
Instruction Scope
Instructions direct the agent to scan repository files (find, rg, grep) and to run checks like shellcheck and unit tests; this is appropriate for a review skill. However, the workflow explicitly instructs the use of imbue:proof-of-work to record findings (file:line references), which implies transmitting or storing review results via the configured Night Market/imbue integration — verify you trust that destination before enabling the skill.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install posture. It expects external tools (shellcheck, rg/grep, pytest) to be present but does not attempt to install anything.
Credentials
No environment variables or external credentials are requested. The only non-local requirements are two config paths (night-market.pensive:shared and night-market.imbue:proof-of-work) used for shared config and evidence logging; these are proportionate to a review-and-log workflow but warrant inspection so you know where findings will be recorded/transmitted.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent or elevated privileges. There is no indication it modifies other skills or system settings.
Assessment
This skill appears to do what it says: scan your repository's shell scripts for portability, exit-code, and safety issues. Before installing: (1) confirm what the two required config entries (night-market.pensive:shared and night-market.imbue:proof-of-work) point to and whether findings will be sent to an external service you trust; (2) ensure you are comfortable the agent can read the repo (find/rg/grep) and that no sensitive secrets are present in scripts you don't want exported; (3) have shellcheck/rg/pytest available if you want full verification; and (4) if you enable automatic invocation, review how and when evidence logging occurs so results aren't sent unexpectedly.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
Confignight-market.pensive:shared, night-market.imbue:proof-of-work
latestvk97aaqw35dheaqg3s89wd42c9x84xbp6
51downloads
0stars
1versions
Updated 4d ago
v1.0.0
MIT-0
@athola
latest
Download

Night Market Skill — ported from claude-night-market/pensive. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Table of Contents

Shell Script Review

Audit shell scripts for correctness, safety, and portability.

Verification

After review, run shellcheck <script> to verify fixes address identified issues.

Testing

Run pytest plugins/pensive/tests/skills/test_shell_review.py -v to validate review patterns.

Quick Start

/shell-review path/to/script.sh

When To Use

  • CI/CD pipeline scripts
  • Git hook scripts
  • Wrapper scripts (run-*.sh)
  • Build automation scripts
  • Pre-commit hook implementations

When NOT To Use

  • Non-shell scripts (Python, JS, etc.)
  • One-liner commands that don't need review

Required TodoWrite Items

  1. shell-review:context-mapped
  2. shell-review:exit-codes-checked
  3. shell-review:portability-checked
  4. shell-review:safety-patterns-verified
  5. shell-review:evidence-logged

Workflow

Step 1: Map Context (shell-review:context-mapped)

Identify shell scripts:

# Find shell scripts
find . -not -path "*/.venv/*" -not -path "*/__pycache__/*" \
  -not -path "*/node_modules/*" -not -path "*/.git/*" \
  -name "*.sh" -type f | head -20
# Check shebangs
rg -l "^#!/" scripts/ hooks/ 2>/dev/null | head -10
# fallback: grep -l "^#!/" scripts/ hooks/ 2>/dev/null | head -10

Document:

  • Script purpose and trigger context
  • Integration points (make, pre-commit, CI)
  • Expected inputs and outputs

Step 2: Exit Code Audit (shell-review:exit-codes-checked)

@include modules/exit-codes.md

Step 3: Portability Check (shell-review:portability-checked)

@include modules/portability.md

Step 4: Safety Patterns (shell-review:safety-patterns-verified)

@include modules/safety-patterns.md

Step 5: Evidence Log (shell-review:evidence-logged)

Use imbue:proof-of-work to record findings with file:line references.

Summarize:

  • Critical issues (failures masked, security risks)
  • Major issues (portability, maintainability)
  • Minor issues (style, documentation)

Output Format

## Summary
Shell script review findings

## Scripts Reviewed
- [list with line counts]

## Exit Code Issues
### [E1] Pipeline masks failure
- Location: script.sh:42
- Pattern: `cmd | grep` loses exit code
- Fix: Use pipefail or capture separately

## Portability Issues
[cross-platform concerns]

## Safety Issues
[unquoted variables, missing set flags]

## Recommendation
Approve / Approve with actions / Block

Exit Criteria

  • Exit code propagation verified
  • Portability issues documented
  • Safety patterns checked
  • Evidence logged

Comments

Loading comments...