ClawHub

Architecture Consistency Guardian

v2.0.1

Enforce system-wide consistency before code changes. Activate for any task involving: refactoring across files, unifying variable/field/parameter names, cons...

0· 108·0 current·0 all-time
by@upsightx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what is implemented: bundled scripts perform repository-wide pattern scanning, contract-drift detection and impact summarization. No unrelated environment variables, binaries, or external services are requested; included files (grep_legacy.py, scan_contract_drift.py, summarize_impacts.py and templates/docs) are exactly what a global-consistency tool would need.
Instruction Scope
SKILL.md prescribes scanning the 'entire relevant scope' and running an 8-phase workflow including global scans, editing, residue audit and running tests. The provided scripts scan files under whatever directory you pass; they do not contact external endpoints. Caution: if an agent is pointed at a broad path (e.g., / or a home directory) it can read arbitrary files there. Also Phase 7 asks to run test suites / make commands in the target repo — those tests/Makefiles could execute arbitrary code, so review them or run in a sandbox.
Install Mechanism
Instruction-only with included Python scripts; there is no installer that downloads or extracts remote artifacts. pyproject.toml exists but no install step is required. This is low-risk from supply-chain/download perspective.
Credentials
The skill requests no environment variables, credentials, or config paths. The scripts operate on file system paths passed as arguments. No secret or unrelated credential access is requested or hard-coded.
Persistence & Privilege
Flags show always:false (not force-included) and default model invocation allowed. The skill does not attempt to modify other skills or system agent configuration. Autonomous invocation is the platform default; nothing here elevates privilege beyond that.
Assessment
This skill appears coherent and implements what it claims: repository-wide scanning and coordinated refactors. Before you install or let an agent run it, consider two practical safeguards: (1) only run scans against intended project directories (do not point it to /, your home directory, or other sensitive locations), because the scripts will read files under the directory you pass; (2) Phase 7 recommends running test suites / make targets in the project — inspect those tests/Makefiles (or run them in an isolated container) because they may execute arbitrary commands (network calls, destructive operations, etc.). If you plan to allow autonomous agent use, restrict the directories the agent can scan and/or require manual approval for any commands that execute the project's test/build steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk972933zn8gtza88d8cepqytt984tnrx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments