migratesafe
v1.0.2
Database migration safety checker — catches destructive migrations before they reach production
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description (database migration safety checking) aligns with the shipped scripts, patterns, and CLI commands. Required binaries (git, bash, python3, jq) are used by the scripts. The brew install of lefthook matches the documented behavior for installing pre-commit hooks.
Instruction Scope
Runtime instructions and SKILL.md are narrowly scoped to scanning migration files, installing/removing lefthook hooks, and generating reports. The pre-commit hook will source the packaged patterns and analyzer scripts from the skill directory and run a local scan on staged files; it does not perform network calls. Note: the tool reads ~/.openclaw/openclaw.json for configuration/license, which is declared in metadata.
Install Mechanism
Install spec only pulls in lefthook via Homebrew (formula: lefthook) which is an expected dependency for git hook integration. There are no downloads from unknown URLs or extract-and-run archive steps in the package.
Credentials
Primary credential MIGRATESAFE_LICENSE_KEY is appropriate for the Pro/Team features. The license code optionally looks for CLAWHUB_JWT_SECRET (to verify JWT signatures) and may invoke node/openssl if available; CLAWHUB_JWT_SECRET is not declared in requires.env (it's optional), and node/openssl are optional runtime helpers — this is not required for normal operation but is worth being aware of.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The hooks install command will create or append to a repository-level lefthook.yml and run lefthook install — this modifies repo configuration (expected for a hooks tool). The skill does not request permanent platform-wide privileges or modify other skills' configs.
Assessment
This package appears to do exactly what it claims: local regex-based scanning of migration files plus optional git hook installation. Before installing:
1) If you plan to use hooks, be prepared for the tool to create or append to lefthook.yml in your repo root (it runs lefthook install).
2) The Pro/Team features require a MIGRATESAFE_LICENSE_KEY (stored in env or ~/.openclaw/openclaw.json); the license validator can optionally verify JWT signatures if you set CLAWHUB_JWT_SECRET — do not set secrets you don't trust.
3) The tool may call optional binaries (node, openssl) if present; no network calls or exfiltration are present in the shipped scripts.
If you want maximal control, inspect scripts/analyzer.sh and scripts/license.sh locally before enabling hooks or setting a license key.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97erhzv1ysehrmk594akdv6x984vwyb
Runtime requirements
🗄️ Clawdis
OS: macOS · Linux · Windows
Bins: git, bash, python3, jq
Primary env: MIGRATESAFE_LICENSE_KEY
Install
Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook