← Back to Skills Marketplace
79
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install asyncguard
Description
Async/await anti-pattern analyzer -- detects promise misuse, async resource leaks, event loop blocking, missing cancellation, async error patterns, and coord...
README (SKILL.md)
\r \r
AsyncGuard -- Async/Await Anti-Pattern Analyzer\r
\r AsyncGuard scans codebases for async/await anti-patterns, promise misuse, async resource leaks, event loop blocking, missing cancellation support, async error handling gaps, and coordination issues. It uses regex-based pattern matching against 90 async-specific patterns across 6 categories, lefthook for git hook integration, and produces markdown reports with actionable remediation guidance. 100% local. Zero telemetry.\r \r
Commands\r
\r
Free Tier (No license required)\r
\r
asyncguard scan [file|directory]\r
One-shot async safety scan of files or directories.\r \r How to execute:\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [target]\r
```\r
\r
**What it does:**\r
1. Accepts a file path or directory (defaults to current directory)\r
2. Discovers all source files (skips .git, node_modules, binaries, images, .min.js)\r
3. Runs 30 async patterns against each file (free tier limit)\r
4. Calculates an async safety score (0-100) per file and overall\r
5. Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (\x3C60)\r
6. Outputs findings with: file, line number, check ID, severity, description, recommendation\r
7. Exit code 0 if score >= 70, exit code 1 if async quality is poor\r
8. Free tier limited to first 30 patterns (PM + AR categories)\r
\r
**Example usage scenarios:**\r
- "Scan my code for async issues" -> runs `asyncguard scan .`\r
- "Check this file for promise misuse" -> runs `asyncguard scan src/server.ts`\r
- "Find resource leaks in my async code" -> runs `asyncguard scan src/`\r
- "Audit async patterns in my project" -> runs `asyncguard scan .`\r
- "Check for missing cancellation" -> runs `asyncguard scan .`\r
\r
### Pro Tier ($19/user/month -- requires ASYNCGUARD_LICENSE_KEY)\r
\r
#### `asyncguard scan --tier pro [file|directory]`\r
Extended scan with 60 patterns covering promise misuse, resource leaks, event loop blocking, and cancellation.\r
\r
**How to execute:**\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [target] --tier pro\r
```\r
\r
**What it does:**\r
1. Validates Pro+ license\r
2. Runs 60 async patterns (PM, AR, EL, CA categories)\r
3. Detects event loop blocking (sync I/O, sync crypto)\r
4. Identifies missing cancellation and abort handling\r
5. Full category breakdown reporting\r
\r
#### `asyncguard scan --format json [directory]`\r
Generate JSON output for CI/CD integration.\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format json\r
```\r
\r
#### `asyncguard scan --format html [directory]`\r
Generate HTML report for browser viewing.\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format html\r
```\r
\r
#### `asyncguard scan --category EL [directory]`\r
Filter scan to a specific check category (PM, AR, EL, CA, AE, AC).\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --category EL\r
```\r
\r
### Team Tier ($39/user/month -- requires ASYNCGUARD_LICENSE_KEY with team tier)\r
\r
#### `asyncguard scan --tier team [directory]`\r
Full scan with all 90 patterns across all 6 categories including async error patterns and coordination.\r
\r
**How to execute:**\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --tier team\r
```\r
\r
**What it does:**\r
1. Validates Team+ license\r
2. Runs all 90 patterns across 6 categories\r
3. Includes async error pattern detection (swallowed rejections, async forEach, empty catch)\r
4. Includes coordination checks (unbounded concurrency, missing backpressure, no rate limit)\r
5. Full category breakdown with per-file results\r
\r
#### `asyncguard scan --verbose [directory]`\r
Verbose output showing every matched line and pattern details.\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --verbose\r
```\r
\r
#### `asyncguard status`\r
Show license and configuration information.\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" status\r
```\r
\r
## Check Categories\r
\r
AsyncGuard detects 90 async anti-patterns across 6 categories:\r
\r
| Category | Code | Patterns | Description | Severity Range |\r
|----------|------|----------|-------------|----------------|\r
| **Promise/Future Misuse** | PM | 15 | Unhandled promises, async executor, nested .then chains, deferred antipattern | medium -- critical |\r
| **Async Resource Leaks** | AR | 15 | Unclosed connections, missing dispose, dangling streams, leaked timers | medium -- critical |\r
| **Event Loop Blocking** | EL | 15 | Sync file I/O, sync crypto, CPU loops, sync child process | low -- critical |\r
| **Cancellation & Abortion** | CA | 15 | Missing AbortSignal, orphaned tasks, no cleanup on unmount | medium -- critical |\r
| **Async Error Patterns** | AE | 15 | Swallowed rejections, empty .catch, async forEach, missing try/catch | medium -- critical |\r
| **Async Coordination** | AC | 15 | Unbounded Promise.all, missing semaphore, no backpressure, no rate limit | medium -- critical |\r
\r
## Tier-Based Pattern Access\r
\r
| Tier | Patterns | Categories |\r
|------|----------|------------|\r
| **Free** | 30 | PM, AR |\r
| **Pro** | 60 | PM, AR, EL, CA |\r
| **Team** | 90 | PM, AR, EL, CA, AE, AC |\r
| **Enterprise** | 90 | PM, AR, EL, CA, AE, AC + priority support |\r
\r
## Scoring\r
\r
AsyncGuard uses a deductive scoring system starting at 100 (perfect):\r
\r
| Severity | Point Deduction | Description |\r
|----------|-----------------|-------------|\r
| **Critical** | -25 per finding | Severe async issue (resource leaks, unhandled rejections, blocking I/O) |\r
| **High** | -15 per finding | Significant async problem (missing cancellation, no error handler) |\r
| **Medium** | -8 per finding | Moderate concern (coordination issues, missing backpressure) |\r
| **Low** | -3 per finding | Informational / best practice suggestion |\r
\r
### Grading Scale\r
\r
| Grade | Score Range | Meaning |\r
|-------|-------------|---------|\r
| **A** | 90-100 | Excellent async code quality |\r
| **B** | 80-89 | Good async patterns with minor issues |\r
| **C** | 70-79 | Acceptable but needs improvement |\r
| **D** | 60-69 | Poor async quality |\r
| **F** | Below 60 | Critical async problems |\r
\r
- **Pass threshold:** 70 (Grade C or better)\r
- Exit code 0 = pass (score >= 70)\r
- Exit code 1 = fail (score \x3C 70)\r
\r
## Configuration\r
\r
Users can configure AsyncGuard in `~/.openclaw/openclaw.json`:\r
\r
```json\r
{\r
"skills": {\r
"entries": {\r
"asyncguard": {\r
"enabled": true,\r
"apiKey": "YOUR_LICENSE_KEY_HERE",\r
"config": {\r
"severityThreshold": "medium",\r
"ignorePatterns": ["**/test/**", "**/fixtures/**", "**/*.test.*"],\r
"ignoreChecks": [],\r
"reportFormat": "text"\r
}\r
}\r
}\r
}\r
}\r
```\r
\r
## Important Notes\r
\r
- **Free tier** works immediately with no configuration\r
- **All scanning happens locally** -- no code is sent to external servers\r
- **License validation is offline** -- no phone-home or network calls\r
- Pattern matching only -- no AST parsing, no external dependencies beyond bash\r
- Supports scanning all file types in a single pass\r
- Git hooks use **lefthook** which must be installed (see install metadata above)\r
- Exit codes: 0 = pass (score >= 70), 1 = fail (for CI/CD integration)\r
- Output formats: text (default), json, html\r
\r
## Error Handling\r
\r
- If lefthook is not installed and user tries hooks, prompt to install it\r
- If license key is invalid or expired, show clear message with link to https://asyncguard.pages.dev/renew\r
- If a file is binary, skip it automatically with no warning\r
- If no scannable files found in target, report clean scan with info message\r
- If an invalid category is specified with --category, show available categories\r
\r
## When to Use AsyncGuard\r
\r
The user might say things like:\r
- "Scan my code for async issues"\r
- "Check my promise handling"\r
- "Find resource leaks in async code"\r
- "Detect event loop blocking"\r
- "Are there any missing cancellation handlers?"\r
- "Check for unhandled promise rejections"\r
- "Audit my async error handling"\r
- "Find missing AbortController usage"\r
- "Check for synchronous I/O in async functions"\r
- "Scan for async anti-patterns"\r
- "Run an async code audit"\r
- "Generate an async safety report"\r
- "Check if my fetch calls have abort signals"\r
- "Find empty catch handlers"\r
- "Check my code for async coordination issues"\r
Usage Guidance
This skill appears to do what it says: a purely local regex-based async pattern scanner with optional git-hook integration. Before installing: 1) Decide whether you want automatic hooks in your repos — the skill will create/append a lefthook.yml and run lefthook install which can block commits/pushes. 2) The Pro/Team features require ASYNCGUARD_LICENSE_KEY or an entry in ~/.openclaw/openclaw.json; the license code will read that file. 3) There is an optional CLAWHUB_JWT_SECRET environment variable referenced by the license verifier — only set that if you trust the signing source. 4) Review the included scripts (patterns.sh) if you want to confirm which regexes will run on your code. If you do not want hooks, avoid running the hooks install command; running one-shot scans (bash scripts/dispatcher.sh ...) remains local and safe.
Capability Analysis
Type: OpenClaw Skill
Name: asyncguard
Version: 1.0.1
AsyncGuard is a legitimate static analysis tool designed to detect async/await anti-patterns in source code. The bundle operates entirely locally, using standard shell utilities like grep, find, and sed to perform regex-based pattern matching against a library of 90 async-specific rules defined in patterns.sh. License validation is performed offline by decoding JWT tokens locally using base64 and system-native JSON parsers (python3/node/jq), with no evidence of telemetry or data exfiltration. The integration with git hooks via lefthook is a documented feature for pre-commit quality checks and does not exhibit malicious persistence or backdoor behavior.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match the delivered files and runtime behavior: shell scripts implement local pattern-based scanning, report generation, and git-hook integration. Required binaries (git, bash, python3, jq) are used by the scripts and are appropriate. The brew install of lefthook aligns with the stated git-hook feature.
Instruction Scope
SKILL.md and the scripts instruct only local actions: discovering files, running grep-based regex checks, computing scores, generating text/json/html reports, and optional hook installation. The code references only local config (~/.openclaw/openclaw.json) and local tools; there are no network calls or external endpoints invoked by the scripts.
Install Mechanism
Install spec uses a Homebrew formula (lefthook), a well-known package manager and tap. The package's own files are shipped in the skill bundle; no arbitrary downloads or remote extract/install steps are present in the provided code.
Credentials
The primary credential ASYNCGUARD_LICENSE_KEY is expected for tiered license checks and is declared. The license module also optionally reads ~/.openclaw/openclaw.json (declared in metadata) which is reasonable. One minor surprise: the license verification code conditionally uses an environment var named CLAWHUB_JWT_SECRET (not declared in requires.env) to verify JWT signatures if present — this is optional but worth noting since it's an undeclared, platform-prefixed secret that will be consulted if set.
Persistence & Privilege
always:false and normal model invocation; the skill can install lefthook git hooks (it modifies or creates lefthook.yml and runs lefthook install) which will run scans on pre-commit/pre-push in repositories. This is functionally expected for a linter but it does change repository hook state and can block commits/pushes until issues are addressed or hooks are disabled.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install asyncguard - After installation, invoke the skill by name or use
/asyncguard - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix: declare all deps, JWT signature verification, configPaths
v1.0.0
AsyncGuard 1.0.0 — Initial release
- Scans codebases for async/await anti-patterns, promise misuse, resource leaks, event loop blocking, and more.
- Supports tiered scanning (Free, Pro, Team) with 30, 60, or 90 async-specific pattern checks.
- Outputs detailed markdown, JSON, or HTML reports with per-file results, scores, grades, and remediation advice.
- 100% local scanning, no telemetry or phoning home; license validation works offline.
- Integrates with git hooks via lefthook (optional install), works cross-platform.
- Configurable severity threshold, ignored patterns/checks, and report formats.
- Exit codes are CI-friendly for automated workflows.
Metadata
Frequently Asked Questions
What is asyncguard?
Async/await anti-pattern analyzer -- detects promise misuse, async resource leaks, event loop blocking, missing cancellation, async error patterns, and coord... It is an AI Agent Skill for Claude Code / OpenClaw, with 79 downloads so far.
How do I install asyncguard?
Run "/install asyncguard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is asyncguard free?
Yes, asyncguard is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does asyncguard support?
asyncguard is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created asyncguard?
It is built and maintained by suhteevah (@suhteevah); the current version is v1.0.1.
More Skills