ClawHub

errorlens

v1.0.1

Error handling & exception safety analyzer -- scans codebases for empty catches, swallowed exceptions, missing error boundaries, unhandled rejections, generi...

0· 49·0 current·0 all-time
by@suhteevah
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included scripts implement a local regex-based error-handling scanner, pre-commit hook integration (lefthook), reporting, watch/CI/team modes gated behind a license key. Required binaries (git, bash, python3, jq) and the brew lefthook install are proportionate to the described functionality.
Instruction Scope
Runtime instructions source and execute the shipped bash scripts (patterns.sh, analyzer.sh, license.sh). The pre-commit hook installs run those local scripts from $HOME/.openclaw/skills/errorlens or project lefthook.yml; thus commits will execute code from the skill directory. The analyzer reads ~/.openclaw/openclaw.json (to find a configured license key) and optional .errorlens-allowlist/.errorlens-baseline files in the repo. There are no network calls or external endpoints in the scripts; however, installing the hook grants the skill's code the ability to run on every git commit, so you must trust the shipped scripts before enabling hooks.
Install Mechanism
Install spec uses a single brew formula (lefthook), which is a known git-hook manager. No downloads from untrusted URLs or archive extraction are present. The skill's own files are supplied in the bundle (scripts, patterns, config).
Credentials
The only credential surface is ERRORLENS_LICENSE_KEY (primaryEnv) used to enable Pro/Team features; that is consistent with the pro/team features described. The license module reads the key from the environment or from ~/.openclaw/openclaw.json; it does not attempt to read unrelated secrets. An optional CLAWHUB_JWT_SECRET is only used to verify JWT signatures if present — not required for normal operation.
Persistence & Privilege
always:false and user-invocable:true (normal). Installing hooks writes/edits lefthook.yml in the repository and calls lefthook install; the skill does not request permanent platform-wide privileges beyond adding hooks to repos the user chooses. Because hooks execute the skill's scripts on commit, installing hooks grants those scripts execution on future commits — review the code before enabling hooks.
Assessment
This skill appears to do what it claims: a local, regex-based error-handling scanner with optional pre-commit hooks and license-gated features. Before installing or enabling hooks you should: (1) inspect the shipped scripts (patterns.sh, analyzer.sh, license.sh) — hooks will execute those scripts on every commit; (2) keep your license key in the environment or ~/.openclaw/openclaw.json as described and only provide a key intended for ErrorLens; (3) ensure you trust the lefthook tool (brew install lefthook) and verify any appended lefthook.yml changes in your repo. Nothing in the code attempts network exfiltration, but installing the pre-commit hook gives the skill's code execution on commits, so enable hooks only for repositories you trust.

Like a lobster shell, security has layers — review code before you run it.

latestvk979msavpd505rpcrdn0cqz9gs84v3ac

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
OSmacOS · Linux · Windows
Binsgit, bash, python3, jq
Primary envERRORLENS_LICENSE_KEY

Install

Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook

Comments