← Back to Skills Marketplace
Code Quality Guard
by
balkanblbn
· GitHub ↗
· v1.0.0
618
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install code-quality-guard
Description
Professional pre-deployment code review and quality enforcement. Ensures imports are valid, tags are closed, and logic follows best practices before announci...
README (SKILL.md)
Code Quality Guard
Ship cleaner code, faster. Never let a missing import break your production again.
Checklist
- Import Sweep: Check every component used against the import block.
- Tag Verification: Ensure all JSX/HTML tags are balanced.
- Environment Audit: Verify required env vars and ports.
- Log Review: Scan for debug prints and secrets.
Usage
Run as a pre-build hook to catch "ReferenceErrors" before the human sees them.
Installation
clawhub install code-quality-guard
Usage Guidance
This skill aims to perform pre-deploy code checks, which is reasonable, but its instructions are vague about scope and implicitly encourage reading environment variables, ports, and logs — potentially exposing secrets. Before installing: (1) Ask the author to list exactly which env vars, files, and ports the skill will check and to limit scope to the repository or specific paths. (2) Run it in an isolated/staging environment first, not on production systems. (3) Prefer a variant that invokes specific static-analysis tools or scripts (with reviewed code) rather than open-ended agent instructions. (4) If you allow autonomous invocation, restrict the agent's access rights (filesystem and environment) so the skill cannot read unrelated secrets. If the author cannot clarify the exact scope, treat the skill with caution and consider rejecting it until it declares precise required inputs and allowed paths.
Capability Analysis
Type: OpenClaw Skill
Name: code-quality-guard
Version: 1.0.0
The skill's stated purpose is benign (code quality). However, the instruction 'Environment Audit: Verify required env vars and ports' in SKILL.md is vaguely worded and could be interpreted by an AI agent as a prompt injection to enumerate or access environment variables from the agent's host system, rather than just those relevant to the code being reviewed. This presents a vulnerability for unintended information disclosure, classifying it as suspicious due to the potential for exploitation.
Capability Assessment
Purpose & Capability
Name and description match the checklist items in SKILL.md (import checks, tag verification, env audit, log/secret scanning). It's reasonable for a pre-build code-review helper to perform those checks, but the skill declares no required environment variables, config paths, or binaries while its instructions imply access to environment and runtime context.
Instruction Scope
SKILL.md instructs the agent to 'Verify required env vars and ports' and to 'Scan for debug prints and secrets' but does not define which env vars, which files/paths to scan, or any limits. This open-ended guidance grants broad discretion to read environment variables, inspect repository or system files, and potentially surface or transmit secrets. The instructions are high-level and ambiguous about scope and allowed targets.
Install Mechanism
No install spec and no code files are present (instruction-only). That minimizes on-disk installation risk; there is nothing downloaded or executed by an installer.
Credentials
Declared requirements list no credentials or config paths, yet the instructions explicitly call for an 'Environment Audit' and 'Log Review' that would typically require reading environment variables and log/config files. Requesting access to environment/state without declaring which variables or why is disproportionate and may lead to unnecessary exposure of sensitive values.
Persistence & Privilege
Skill is not marked always:true and does not request persistent system-wide changes in the manifest. Default autonomous invocation is allowed (platform default) but is not by itself a new concern.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install code-quality-guard - After installation, invoke the skill by name or use
/code-quality-guard - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Code Quality Guard?
Professional pre-deployment code review and quality enforcement. Ensures imports are valid, tags are closed, and logic follows best practices before announci... It is an AI Agent Skill for Claude Code / OpenClaw, with 618 downloads so far.
How do I install Code Quality Guard?
Run "/install code-quality-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Code Quality Guard free?
Yes, Code Quality Guard is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Code Quality Guard support?
Code Quality Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Code Quality Guard?
It is built and maintained by balkanblbn (@balkanblbn); the current version is v1.0.0.
More Skills