doccoverage
v1.0.1Documentation coverage & quality analyzer — detects undocumented public functions, missing JSDoc/docstrings/godoc/Javadoc, incomplete parameter descriptions,...
⭐ 0· 47·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (doc coverage across JS/TS, Python, Go, Java, Ruby) lines up with the included scripts (patterns.sh, analyzer.sh) and the provided commands. Required binaries (git, bash, python3, jq) are reasonable for file discovery, pattern matching, config parsing, and git-hook installation. The primary credential (DOCCOVERAGE_LICENSE_KEY) is appropriate for gating Pro/Team features.
Instruction Scope
SKILL.md and the scripts limit actions to local scanning, report generation, license validation, and modifying/creating lefthook.yml in a repository when installing hooks. The code reads ~/.openclaw/openclaw.json (declared in metadata) for optional configuration, and does not make network calls or transmit repository contents externally. Pre-commit hook behavior (sourcing patterns and analyzer then running hook_doccoverage_scan) is expected for a hooks-based scanner.
Install Mechanism
Install spec uses the well-known brew formula 'lefthook' to provide the lefthook binary used for git hooks. No arbitrary URL downloads or archive extraction are present; files included in the skill are the scanner implementation. This is proportionate for adding optional hook support.
Credentials
The declared primary env DOCCOVERAGE_LICENSE_KEY matches the code's license checks. The license module optionally uses CLAWHUB_JWT_SECRET to verify JWT signatures and may invoke node or openssl if present — these optional environment/command usages are not listed in requires.env but are only used when present (fallbacks). No other unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request permanent system-wide privileges. The only persistent change is writing/modifying a repository's lefthook.yml when the user runs 'hooks install' (expected for a hook installer). The skill does not modify other skills' configs or agent-wide settings beyond reading the declared ~/.openclaw/openclaw.json.
Assessment
This skill appears to do what it claims: local, regex-based documentation scans and optional installation of lefthook pre-commit hooks. Before installing: 1) Understand that 'hooks install' will create or modify lefthook.yml in your repository root and will cause the hooks to run on every commit (it can block commits on critical findings). Back up any existing lefthook.yml if you have one. 2) Pro/Team features require DOCCOVERAGE_LICENSE_KEY (can be set as env var or placed into ~/.openclaw/openclaw.json); the license code stays local and performs offline JWT decoding. 3) The code may use node or openssl if present to assist license parsing/verification (these are optional fallbacks and not required). 4) If you rely on zero-telemetry/offline guarantees, review network calls in the environment where you run the skill — the included scripts do not perform outbound network requests. 5) If you want to be extra cautious, inspect the included scripts (patterns.sh, analyzer.sh, license.sh) yourself before running hooks install. Overall the skill is coherent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk97f26n76zy07g4vfmffghvd1184t5rf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📝 Clawdis
OSmacOS · Linux · Windows
Binsgit, bash, python3, jq
Primary envDOCCOVERAGE_LICENSE_KEY
Install
Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook