Lint
ReviewAudited by ClawScan on May 10, 2026.
Overview
Review before relying on this skill: it appears to be a local logging tool, not an actual linter or CI enforcement tool.
Install only if you want a local logbook for lint-related notes. If you need real code checking, style enforcement, auto-fixes, or CI gating, use an actual linter and treat this skill’s logs as audit notes rather than validation results.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent may think code has been checked or style-enforced when the skill has only logged a note, potentially allowing errors to pass review.
The stated purpose implies real linting, fixing, and CI enforcement, while the documented behavior is only recording timestamped text entries.
description: "Check code syntax, enforce style, and suggest auto-fixes with CI integration..." ... "pass input text to record a new timestamped entry"
Do not rely on this skill as a real linter or CI gate unless it is renamed/re-described as a logging tool or paired with actual linting commands.
Information entered into the skill may remain on disk and later appear in searches, recent history, or exports.
The skill persistently stores user-provided linting notes and history, which may include sensitive code-review details.
All data is stored locally in `~/.local/share/lint/`... A unified `history.log` records every action with timestamps.
Avoid entering secrets, credentials, or sensitive proprietary snippets, and periodically clear the local data directory if needed.
Users may be unclear whether the Bash script is installed, invoked, or merely included as a helper.
The package includes executable shell code even though the install metadata says there is no install mechanism.
No install spec — this is an instruction-only skill. ... Code file presence: scripts/script.sh
Clarify the install path and declare the Bash/Unix utility requirements in metadata.
Malformed or specially crafted entries could break exported reports or affect downstream dashboards that consume them.
User-provided log values are written into JSON and CSV exports without visible escaping in the provided code.
printf ' {"type":"%s","time":"%s","value":"%s"}' "$name" "$ts" "$val" ... echo "$name,$ts,$val" >> "$out"Escape JSON/CSV fields properly before exporting, especially if exports are used in CI dashboards or shared reports.