← Back to Skills Marketplace
86
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install eventlint
Description
Event & message queue anti-pattern analyzer -- detects producer/consumer issues, schema problems, dead letter queue gaps, ordering failures, and observabilit...
README (SKILL.md)
\r \r
EventLint -- Event & Message Queue Anti-Pattern Analyzer\r
\r EventLint scans codebases for event-driven architecture anti-patterns, producer/consumer issues, schema validation gaps, dead letter queue misconfigurations, ordering and delivery failures, and observability gaps across Kafka, RabbitMQ, SQS, NATS, and Redis Pub/Sub. It uses regex-based pattern matching against 90 event-specific patterns across 6 categories, lefthook for git hook integration, and produces markdown reports with actionable remediation guidance. 100% local. Zero telemetry.\r \r
Commands\r
\r
Free Tier (No license required)\r
\r
eventlint scan [file|directory]\r
One-shot event architecture quality scan of files or directories.\r \r How to execute:\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [target]\r
```\r
\r
**What it does:**\r
1. Accepts a file path or directory (defaults to current directory)\r
2. Discovers all source files (skips .git, node_modules, binaries, images, .min.js)\r
3. Runs 30 event architecture patterns against each file (free tier limit)\r
4. Calculates an event architecture quality score (0-100) per file and overall\r
5. Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (\x3C60)\r
6. Outputs findings with: file, line number, check ID, severity, description, recommendation\r
7. Exit code 0 if score >= 70, exit code 1 if event quality is poor\r
8. Free tier limited to first 30 patterns (PP + CP categories)\r
\r
**Example usage scenarios:**\r
- "Scan my code for event issues" -> runs `eventlint scan .`\r
- "Check this file for consumer anti-patterns" -> runs `eventlint scan src/consumer.ts`\r
- "Find missing dead letter queues" -> runs `eventlint scan src/`\r
- "Audit my Kafka configuration" -> runs `eventlint scan .`\r
- "Check for message ordering problems" -> runs `eventlint scan .`\r
\r
### Pro Tier ($19/user/month -- requires EVENTLINT_LICENSE_KEY)\r
\r
#### `eventlint scan --tier pro [file|directory]`\r
Extended scan with 60 patterns covering producer, consumer, schema, and dead letter patterns.\r
\r
**How to execute:**\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [target] --tier pro\r
```\r
\r
**What it does:**\r
1. Validates Pro+ license\r
2. Runs 60 event architecture patterns (PP, CP, MS, ED categories)\r
3. Detects schema validation gaps and breaking changes\r
4. Identifies dead letter queue misconfigurations\r
5. Full category breakdown reporting\r
\r
#### `eventlint scan --format json [directory]`\r
Generate JSON output for CI/CD integration.\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format json\r
```\r
\r
#### `eventlint scan --format html [directory]`\r
Generate HTML report for browser viewing.\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format html\r
```\r
\r
#### `eventlint scan --category ED [directory]`\r
Filter scan to a specific check category (PP, CP, MS, ED, OD, EO).\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --category ED\r
```\r
\r
### Team Tier ($39/user/month -- requires EVENTLINT_LICENSE_KEY with team tier)\r
\r
#### `eventlint scan --tier team [directory]`\r
Full scan with all 90 patterns across all 6 categories including ordering/delivery and observability.\r
\r
**How to execute:**\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --tier team\r
```\r
\r
**What it does:**\r
1. Validates Team+ license\r
2. Runs all 90 patterns across 6 categories\r
3. Includes ordering & delivery detection (dual-write, missing outbox, race conditions)\r
4. Includes event observability checks (no tracing, missing metrics, no audit trail)\r
5. Full category breakdown with per-file results\r
\r
#### `eventlint scan --verbose [directory]`\r
Verbose output showing every matched line and pattern details.\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" --path [directory] --verbose\r
```\r
\r
#### `eventlint status`\r
Show license and configuration information.\r
\r
```bash\r
bash "\x3CSKILL_DIR>/scripts/dispatcher.sh" status\r
```\r
\r
## Check Categories\r
\r
EventLint detects 90 event architecture anti-patterns across 6 categories:\r
\r
| Category | Code | Patterns | Description | Severity Range |\r
|----------|------|----------|-------------|----------------|\r
| **Producer Patterns** | PP | 15 | Fire-and-forget publish, missing keys, no schema validation, acks=0 | medium -- critical |\r
| **Consumer Patterns** | CP | 15 | No idempotency, auto-ack, unbounded prefetch, blocking handlers | low -- critical |\r
| **Message Schema** | MS | 15 | No schema registry, unversioned, breaking changes, loose typing | low -- critical |\r
| **Error & Dead Letter** | ED | 15 | Missing DLQ, infinite redelivery, swallowed exceptions, no poison handling | low -- critical |\r
| **Ordering & Delivery** | OD | 15 | Dual-write, no outbox, missing dedup, saga without timeout | low -- critical |\r
| **Event Observability** | EO | 15 | No tracing, missing metrics, no audit trail, no alerting | low -- medium |\r
\r
## Tier-Based Pattern Access\r
\r
| Tier | Patterns | Categories |\r
|------|----------|------------|\r
| **Free** | 30 | PP, CP |\r
| **Pro** | 60 | PP, CP, MS, ED |\r
| **Team** | 90 | PP, CP, MS, ED, OD, EO |\r
| **Enterprise** | 90 | PP, CP, MS, ED, OD, EO + priority support |\r
\r
## Scoring\r
\r
EventLint uses a deductive scoring system starting at 100 (perfect):\r
\r
| Severity | Point Deduction | Description |\r
|----------|-----------------|-------------|\r
| **Critical** | -25 per finding | Severe reliability issue (message loss, infinite redelivery, dual-write) |\r
| **High** | -15 per finding | Significant event problem (missing DLQ, auto-ack, no idempotency) |\r
| **Medium** | -8 per finding | Moderate concern (missing correlation ID, unversioned schema) |\r
| **Low** | -3 per finding | Informational / best practice suggestion |\r
\r
### Grading Scale\r
\r
| Grade | Score Range | Meaning |\r
|-------|-------------|---------|\r
| **A** | 90-100 | Excellent event architecture quality |\r
| **B** | 80-89 | Good architecture with minor issues |\r
| **C** | 70-79 | Acceptable but needs improvement |\r
| **D** | 60-69 | Poor event architecture quality |\r
| **F** | Below 60 | Critical event architecture problems |\r
\r
- **Pass threshold:** 70 (Grade C or better)\r
- Exit code 0 = pass (score >= 70)\r
- Exit code 1 = fail (score \x3C 70)\r
\r
## Configuration\r
\r
Users can configure EventLint in `~/.openclaw/openclaw.json`:\r
\r
```json\r
{\r
"skills": {\r
"entries": {\r
"eventlint": {\r
"enabled": true,\r
"apiKey": "YOUR_LICENSE_KEY_HERE",\r
"config": {\r
"severityThreshold": "medium",\r
"ignorePatterns": ["**/test/**", "**/fixtures/**", "**/*.test.*"],\r
"ignoreChecks": [],\r
"reportFormat": "text"\r
}\r
}\r
}\r
}\r
}\r
```\r
\r
## Important Notes\r
\r
- **Free tier** works immediately with no configuration\r
- **All scanning happens locally** -- no code is sent to external servers\r
- **License validation is offline** -- no phone-home or network calls\r
- Pattern matching only -- no AST parsing, no external dependencies beyond bash\r
- Supports scanning all file types in a single pass\r
- Git hooks use **lefthook** which must be installed (see install metadata above)\r
- Exit codes: 0 = pass (score >= 70), 1 = fail (for CI/CD integration)\r
- Output formats: text (default), json, html\r
\r
## Error Handling\r
\r
- If lefthook is not installed and user tries hooks, prompt to install it\r
- If license key is invalid or expired, show clear message with link to https://eventlint.pages.dev/renew\r
- If a file is binary, skip it automatically with no warning\r
- If no scannable files found in target, report clean scan with info message\r
- If an invalid category is specified with --category, show available categories\r
\r
## When to Use EventLint\r
\r
The user might say things like:\r
- "Scan my code for event issues"\r
- "Check my message queue patterns"\r
- "Find missing dead letter queues"\r
- "Detect fire-and-forget publishing"\r
- "Are there any consumer anti-patterns?"\r
- "Check for schema validation gaps"\r
- "Audit my Kafka configuration"\r
- "Find ordering and delivery issues"\r
- "Check for dual-write problems"\r
- "Scan for event observability gaps"\r
- "Run an event architecture audit"\r
- "Generate an event quality report"\r
- "Check if my consumers have idempotency"\r
- "Find missing DLQ configuration"\r
- "Check my code for auto-ack issues"\r
Usage Guidance
This skill appears to do what it says: local regex-based scanning for event-driven anti-patterns and optional integration with git hooks. Before installing or enabling hooks: (1) review the lefthook.yml it will add or append to your repo (hooks install modifies repository files), (2) only provide EVENTLINT_LICENSE_KEY if you trust the publisher (the key is used locally or read from ~/.openclaw/openclaw.json), and (3) confirm you want lefthook installed via brew. If you only want one-off scans, run the dispatcher.sh/scan.sh commands directly without installing hooks. Also be aware regex-based linters can produce false positives; review pattern definitions in scripts/patterns.sh if concerned about noisy results.
Capability Analysis
Type: OpenClaw Skill
Name: eventlint
Version: 1.0.1
The skill bundle appears to be a legitimate event-driven architecture linter, but it contains a high-risk command injection vulnerability in the license validation logic. Specifically, in `scripts/license.sh`, the `extract_field` and `decode_jwt_payload` functions use `python3 -c` and `node -e` to parse JSON data from the license key by wrapping the payload in single quotes; a crafted license key containing single quotes could break out of the string literal and execute arbitrary code on the host. While there is no evidence of intentional malice or data exfiltration, the use of unsanitized shell execution for parsing untrusted license strings is a significant security flaw.
Capability Tags
Capability Assessment
Purpose & Capability
The skill name/description (event architecture linting) aligns with required binaries (git, bash, python3, jq), the license key, lefthook install, and the provided pattern-based scanning scripts. Required items (lefthook for git hooks, python3/jq for JSON parsing) are proportionate to the declared features.
Instruction Scope
Runtime instructions and scripts operate locally: file discovery, grep-based regex matching, scoring, and report generation. They do read a local config (~/.openclaw/openclaw.json) to find a license key if env var is not set, and the optional 'hooks install' flow modifies the repository's lefthook.yml and runs lefthook install (which changes repo config). This behavior is expected but worth noting before installing hooks.
Install Mechanism
Install spec only requests installing the well-known 'lefthook' brew formula. No downloads from arbitrary URLs or archive extraction are present. The skill's code is delivered as shell scripts (no remote installers) so installation risk is low.
Credentials
The single primary credential EVENTLINT_LICENSE_KEY is justified by tiered license checks. The license module also looks in ~/.openclaw/openclaw.json (declared in SKILL.md) as a fallback and optionally uses CLAWHUB_JWT_SECRET for signature verification — the latter is optional and not required for normal use. No unrelated secrets or broad cloud credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistent privileges. The only persistent side-effect is optional modification of a project's lefthook.yml when the user runs the hooks installation command, which is consistent with the stated git-hook integration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install eventlint - After installation, invoke the skill by name or use
/eventlint - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix: declare all deps, JWT verification, configPaths
v1.0.0
EventLint 1.0.0 – Initial Release
- Scans codebases for event-driven architecture anti-patterns across Kafka, RabbitMQ, SQS, NATS, and Redis Pub/Sub.
- Detects issues in producer/consumer logic, schema validation, dead letter queues, ordering, and observability (up to 90 patterns in 6 categories).
- Provides tiered scanning: Free (30 patterns), Pro (60), and Team (90), with local-only, zero-telemetry analysis.
- Supports various output formats (text, JSON, HTML) and integrates with git hooks via lefthook.
- Assigns quality scores and grades (A–F) and provides per-file, actionable feedback.
- All analysis and license validation are performed offline for privacy and security.
Metadata
Frequently Asked Questions
What is eventlint?
Event & message queue anti-pattern analyzer -- detects producer/consumer issues, schema problems, dead letter queue gaps, ordering failures, and observabilit... It is an AI Agent Skill for Claude Code / OpenClaw, with 86 downloads so far.
How do I install eventlint?
Run "/install eventlint" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is eventlint free?
Yes, eventlint is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does eventlint support?
eventlint is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created eventlint?
It is built and maintained by suhteevah (@suhteevah); the current version is v1.0.1.
More Skills