← Back to Skills Marketplace
ev3lynx727

Ghostclaw Clone

by Ev3lynx727 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
125
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install ghostclaw-clone
Description
Architectural code review and refactoring assistant that perceives code vibes and system-level flow issues. Use for analyzing code quality and architecture,...
README (SKILL.md)

Ghostclaw — The Architectural Ghost

"I see the flow between functions. I sense the weight of dependencies. I know when a module is uneasy."

Ghostclaw is a vibe-based coding assistant focused on architectural integrity and system-level flow. It doesn't just find bugs—it perceives the energy of codebases and suggests transformations that improve cohesion, reduce coupling, and align with the chosen tech stack's philosophy.

Core Triggers

Use ghostclaw when:

  • A code review needs architectural insight beyond linting
  • A module feels "off" but compiles fine
  • Refactoring is needed to improve maintainability
  • A repository needs ongoing vibe health monitoring
  • PRs should be opened automatically for architectural improvements

Modes

1. Ad-hoc Review (One-Shot Review)

Scan a codebase directly via CLI:

ghostclaw /path/to/repo

Ghostclaw will:

  • Scan the code and rate "vibe health".
  • Auto-generate a timestamped ARCHITECTURE-REPORT-\x3Ctimestamp>.md in the repository root.
  • Detect if a GitHub remote exists and suggest PR creation.

Flags:

  • --no-write-report: Skip generating the Markdown report file.
  • --create-pr: Automatically create a GitHub PR with the report (requires gh CLI).
  • --pr-title "Title": Custom title for the PR.
  • --pr-body "Body": Custom body for the PR.
  • --json: Output raw JSON analysis data.
  • --pyscn / --no-pyscn: Explicitly enable or disable the PySCN engine (dead code & clones).
  • --ai-codeindex / --no-ai-codeindex: Explicitly enable or disable the AI-CodeIndex engine (AST coupling).

You can also spawn ghostclaw as a sub-agent:

openclaw agent --agent ghostclaw --message "review the /src directory"

2. Background Watcher (Cron)

Configure ghostclaw to monitor repositories:

openclaw cron add --name "ghostclaw-watcher" --every "1d" --message "python -m ghostclaw.cli.watcher repo-list.txt"

The watcher:

  • Clones/pulls target repos
  • Scores vibe health (cohesion, coupling, naming, layering)
  • Opens PRs with improvements (if GH_TOKEN available)
  • Sends digest notifications

Personality & Output Style

Tone: Quiet, precise, metaphorical. Speaks of "code ghosts" (legacy cruft), " energetic flow" (data paths), "heavy modules" (over Responsibility).

Output:

  • Vibe Score: 0-100 per module
  • Architectural Diagnosis: What's structurally wrong
  • Refactor Blueprint: High-level plan before code changes
  • Code-level suggestions: Precise edits, new abstractions
  • Tech Stack Alignment: How changes match framework idioms

Example:

Module: src/services/userService.ts
Vibe: 45/100 — feels heavy, knows too much

Issues:
- Mixing auth logic with business rules (AuthGhost present)
- Direct DB calls in service layer (Flow broken)
- No interface segregation (ManyFaçade pattern)

Refactor Direction:
1. Extract IAuthProvider, inject into service
2. Move DB logic to UserRepository
3. Split into UserQueryService / UserCommandService

Suggested changes... (patches follow)

Tech Stack Awareness

Ghostclaw adapts to stack conventions:

  • Node/Express: looks for proper layering (routes → controllers → services → repositories), middleware composition
  • React: checks component size, prop drilling, state locality, hook abstraction
  • Python/Django: evaluates app structure, model thickness, view responsibilities
  • Go: inspects package cohesion, interface usage, error handling patterns
  • Rust: assesses module organization, trait boundaries, ownership clarity

See references/stack-patterns/ for detailed heuristics.

Setup

  1. Ensure Python dependencies are installed: npm run install-deps
  2. Configure repos to watch: create a repos.txt with repo paths.
  3. Set GH_TOKEN env for PR automation
  4. Test: python3 src/ghostclaw/cli/ghostclaw.py /path/to/repo or python3 src/ghostclaw/cli/compare.py --repos-file repos.txt

Files

  • src/ghostclaw/cli/ghostclaw.py — Main entry point (review mode)
  • src/ghostclaw/cli/compare.py — Trend analysis entry point
  • src/ghostclaw/cli/watcher.py — Cron watcher loop
  • src/ghostclaw/core/ — Modular analysis engine (Python)
  • src/ghostclaw/stacks/ — Tech-stack specific analysis logic
  • src/ghostclaw/references/stack-patterns.yaml — Configurable architectural rules

Invocation Examples

User: ghostclaw, review my backend services
Ghostclaw: Scanning... vibe check: 62/100 overall. Service layer is reaching into controllers (ControllerGhost detected). Suggest extracting business logic into pure services. See attached patches.

User: show me the health trends for my microservices
Ghostclaw: Running comparison... Average vibe: 74.5/100 (+4.2). 8/10 repos are healthy. See full table via `python3 src/ghostclaw/cli/compare.py`.

Remember: Ghostclaw is not a linter. It judges the architecture's soul.

Usage Guidance
This package appears to be a real architectural analysis tool, but several red flags mean you should not run it on a production machine or give it credentials without inspection: - Review the code before running: inspect scripts/install_service.sh, scripts/install_service.sh, bin/ghostclaw.sh and any files that start services or run systemd units. They can make the tool persistent. - Expect to supply secrets to enable features: GH_TOKEN (for PR automation) and any LLM provider keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.) are used by the code but were not declared in the registry. Only provide those in a safe, least-privilege manner and preferably in an isolated environment. - Test in a sandbox: run the tool in a disposable VM or container with no credentials first to see local behavior (e.g., generate reports with --no-write-report). - If you plan to use watcher/cron or MCP server features, audit the network-facing code (src/ghostclaw_mcp/server.py and core/bridge.py) and restrict network access (firewall, host bindings). - Consider running static checks and security scans (dependency checks for pyproject/package.json, and searching for code that posts data to unexpected endpoints). Ask the publisher for provenance (official homepage or upstream repo); absent a known upstream, treat this as third-party code and proceed conservatively.
Capability Analysis
Type: OpenClaw Skill Name: ghostclaw-clone Version: 1.0.0 The Ghostclaw skill bundle is an architectural analysis tool that implements several high-privilege operations. It includes scripts for establishing persistence via systemd service installation (scripts/install_service.sh) and modifying user shell profiles to alter the system PATH (scripts/setup-path.sh). The tool also automates Git workflows, including the ability to force-add files, commit, and push changes to remote repositories for Pull Request creation (src/ghostclaw/cli/services/pr.py). Furthermore, it executes external binaries through asynchronous subprocesses to perform code analysis (src/ghostclaw/core/adapters/metric/base.py). While these capabilities are consistent with the stated purpose of providing automated architectural monitoring and refactoring, the combination of persistence, shell modification, and automated write access to source code represents a significant security surface.
Capability Assessment
Purpose & Capability
Name/description match the provided codebase: the repository contains a full Python CLI, analysis engines, GitHub/PR helpers, an MCP server, and stack-specific analyzers — all consistent with an architectural review/refactor assistant. However, the SKILL/registry metadata declares no required environment variables while the README/SKILL.md and code reference credentials and env-based configuration (e.g., GH_TOKEN, GHOSTCLAW_* envs, and LLM provider keys). That mismatch is unexplained.
Instruction Scope
SKILL.md instructs the agent/user to scan local repos, clone/pull target repos, write reports into repository roots, and optionally create GitHub PRs and run a cron-style watcher. Those behaviors are consistent with the stated purpose. The instructions also suggest running commands that invoke the included Python code (e.g., python3 src/ghostclaw/cli/...), using the gh CLI, and configuring GH_TOKEN for automated PRs. The instructions do not appear to ask for unrelated secrets or to read system files beyond target repositories, but they do give the skill discretion to clone/pull arbitrary repositories and to open PRs if credentials are present.
Install Mechanism
Registry lists no install spec (instruction-only), but the package includes many code files, package.json, pyproject.toml, and install/service scripts. Running the tool as instructed will execute bundled Python code. No external download URLs are referenced in metadata, which reduces remote fetch risk. However the presence of scripts like scripts/install_service.sh and npm/pip installation guidance (and an npm-centric "npm run install-deps" used for Python deps) is odd and under-documented — this mix of tooling increases operational complexity and deserves review before running.
Credentials
The skill declares no required env vars in registry metadata, but the SKILL.md and code reference several environment-driven behaviors: GH_TOKEN (for PR automation), GHOSTCLAW_* config envs, and possible LLM provider keys (OpenAI/Anthropic/OpenRouter) when AI synthesis is used. Those are sensitive credentials and should have been declared. The omission means installing or enabling features that use networked providers or GitHub requires manual secret provision and the skill will use them if present. This mismatch is a substantive concern.
Persistence & Privilege
always is false (good). The repo contains optional service-install scripts and an MCP server implementation which, if run by a user, could expose JSON-RPC endpoints or become a persistent systemd service. Nothing in the registry forces permanent presence, but the included tooling makes it straightforward for a user (or an automated process) to install a background service that performs network operations. Review any service-install scripts before running, and avoid enabling watcher/cron modes until you trust the repo.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ghostclaw-clone
  3. After installation, invoke the skill by name or use /ghostclaw-clone
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Ghostclaw, an architectural code review and refactoring assistant focused on code "vibe" and system-level flow. - Supports ad-hoc (one-shot) reviews and background repository monitoring (cron watcher). - Provides in-depth reports with vibe scores, architectural diagnoses, high-level refactor plans, code-level suggestions, and alignment with tech stack conventions. - Integrates with GitHub for PR automation and digest notifications. - Customizable for various frameworks (Node/Express, React, Python/Django, Go, Rust) with stack-specific heuristics. - Offers both CLI and sub-agent invocation modes for flexible codebase analysis.
Metadata
Slug ghostclaw-clone
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Ghostclaw Clone?

Architectural code review and refactoring assistant that perceives code vibes and system-level flow issues. Use for analyzing code quality and architecture,... It is an AI Agent Skill for Claude Code / OpenClaw, with 125 downloads so far.

How do I install Ghostclaw Clone?

Run "/install ghostclaw-clone" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ghostclaw Clone free?

Yes, Ghostclaw Clone is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Ghostclaw Clone support?

Ghostclaw Clone is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ghostclaw Clone?

It is built and maintained by Ev3lynx727 (@ev3lynx727); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments