← Back to Skills Marketplace
suhteevah

featurelint

by suhteevah · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ Security Clean
93
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install featurelint
Description
Statically analyze code for feature flag hygiene issues like stale flags, SDK misuse, safety risks, and architecture problems before production deployment.
README (SKILL.md)

FeatureLint

Feature flag hygiene analyzer that catches stale flags, SDK misuse, safety risks, and architecture problems before they reach production.

Emoji: flag Homepage: https://featurelint.pages.dev Product: featurelint Accent: #e84393

What It Does

FeatureLint statically analyzes your codebase for feature flag hygiene issues across six categories:

  • Stale Flags (SF) — Detects hardcoded booleans, TODO-annotated flags, commented-out conditionals, and flags with past date references
  • Flag Complexity (FC) — Finds nested flag conditions, excessive branching, flag entanglement, and missing caching in loops
  • Flag Safety (FS) — Warns when flags gate authentication, payments, encryption, data deletion, or audit logging paths
  • SDK Misuse (SM) — Catches missing default values, loop evaluations, multiple SDK initializations, and missing error handling
  • Flag Lifecycle (FL) — Identifies flags without cleanup dates, abandoned experiments, 100% rollouts, and missing owner annotations
  • Flag Architecture (FA) — Detects wrong-layer evaluation, service coupling, missing registries, and leaked server-side state

90 total patterns with POSIX ERE regex matching, severity levels, and actionable recommendations.

Installation

As a Git Hook (Lefthook)

# lefthook.yml
pre-commit:
  commands:
    featurelint:
      glob: "*.{js,jsx,ts,tsx,py,rb,java,go,rs}"
      run: bash path/to/featurelint/scripts/dispatcher.sh staged --severity error

Direct CLI Usage

# Scan a directory
bash scripts/dispatcher.sh scan ./src

# Scan with JSON output
bash scripts/dispatcher.sh scan --format json --output report.json ./src

# Analyze staged files
bash scripts/dispatcher.sh staged

# Single file analysis
bash scripts/dispatcher.sh file ./src/flags.ts

# Health check
bash scripts/dispatcher.sh health

Tier System

Tier Patterns Categories Price
Free 30 Stale Flags + Flag Complexity $0
Pro 60 + Flag Safety + SDK Misuse $9/month
Team 90 + Flag Lifecycle + Flag Architecture $29/month

Activate a tier by setting your license key:

export FEATURELINT_LICENSE_KEY="FEATURELINT-XXXX-XXXX-XXXX-XXXX"

Commands

Command Description
scan Analyze a directory for feature flag issues
file Analyze a single file
staged Analyze git staged files (for pre-commit hooks)
baseline Create a baseline snapshot of current findings
compare Compare current findings against the baseline
health Run self-diagnostic health check
version Print version information
help Show usage and available options

Options

Flag Description Default
-f, --format \x3Cfmt> Output format: text, json, csv, markdown text
-o, --output \x3Cfile> Write report to file (stdout)
-s, --severity \x3Clvl> Minimum severity: error, warning, info, all all
-c, --category \x3Ccat> Filter by category code all
-t, --tier \x3Ctier> License tier: free, pro, team free
-j, --jobs \x3Cn> Parallel scan workers 4
-i, --include \x3Cglob> Include files matching pattern (all)
-e, --exclude \x3Cregex> Exclude files matching pattern (none)
-C, --context \x3Cn> Context lines around findings 2
--scan-hidden Include hidden files and directories false
--warn-exit Exit code 1 on warnings false
-v, --verbose Increase verbosity (-vv for trace) 0
-q, --quiet Suppress non-essential output false

Environment Variables

Variable Description
FEATURELINT_LICENSE_KEY License key for tier activation
FEATURELINT_TIER Override tier directly
FEATURELINT_FORMAT Default output format
FEATURELINT_SEVERITY Default severity filter
FEATURELINT_JOBS Default parallel job count

Output Formats

Text (default)

Human-readable terminal output with color-coded severity, file grouping, code context, and actionable fix recommendations.

JSON

Structured output for CI/CD integration. Includes metadata, summary counters, and a findings array with file, line, severity, check ID, description, and recommendation.

CSV

Spreadsheet-compatible output for tracking and reporting. One row per finding with all fields.

Markdown

Report template with summary tables, category breakdown, severity distribution, and a findings table. Uses the report.md.tmpl template when available.

Supported Languages

JavaScript, TypeScript, Python, Ruby, Java, Kotlin, Scala, Go, Rust, C#, F#, PHP, Swift, Dart, Vue, Svelte, Elixir, Clojure, Lua, R, YAML, JSON, TOML, XML, Terraform/HCL, and Shell.

Architecture

featurelint/
  scripts/
    dispatcher.sh    # CLI entry point and argument parsing
    analyzer.sh      # Core analysis engine and output formatters
    patterns.sh      # 90 patterns across 6 categories
    license.sh       # License validation and tier gating
  config/
    lefthook.yml     # Git hook configuration
  templates/
    report.md.tmpl   # Markdown report template
  SKILL.md           # This file

Examples

CI/CD Integration (GitHub Actions)

- name: FeatureLint
  run: |
    bash featurelint/scripts/dispatcher.sh scan \
      --format json \
      --output featurelint-report.json \
      --severity warning \
      ./src

Baseline Workflow

# Create initial baseline
bash scripts/dispatcher.sh baseline ./src

# After making changes, compare
bash scripts/dispatcher.sh compare ./src

Pre-commit with Error-Only Blocking

bash scripts/dispatcher.sh staged --severity error

Requirements

  • Bash 4.0 or later
  • Standard POSIX utilities: grep, sed, awk, find, sort, uniq, wc, cut
  • Optional: curl (for online license validation), git (for staged analysis)

License

Commercial software. Free tier available with 30 patterns. See https://featurelint.pages.dev for pricing and terms.

Usage Guidance
This skill appears to be a self-contained bash static analyzer and is internally consistent. Before installing or running it in CI, review and consider: (1) the scripts will scan files under the provided target directory — avoid pointing it at directories with secrets if you don't want local scanning of them; (2) if you set FEATURELINT_LICENSE_KEY the tool may make a short network call to https://featurelint.pages.dev/api/validate and will cache the license in ~/.cache/featurelint — only provide a license key you trust this package with; (3) because it's script-based with no install stage, you can safely inspect the included scripts locally and run them in a sandbox or ephemeral environment first. No unrelated credentials or elevated privileges are requested by the skill.
Capability Analysis
Type: OpenClaw Skill Name: featurelint Version: 1.0.1 FeatureLint is a static analysis tool designed to identify feature flag hygiene issues using Bash and standard POSIX utilities. The skill bundle includes a comprehensive set of regex patterns in `patterns.sh` and a core engine in `analyzer.sh` that supports parallel scanning and multiple output formats. While `license.sh` performs remote license validation via `curl` to a Cloudflare Pages endpoint (featurelint.pages.dev) and manages a local cache in `~/.cache/featurelint`, these behaviors are transparently documented and consistent with the tool's commercial nature. No evidence of malicious intent, unauthorized data exfiltration, or prompt injection was found.
Capability Tags
cryptocan-make-purchasesrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description (feature flag hygiene static analysis) matches the included files and runtime behavior: bash-based file discovery, POSIX ERE pattern matching, and reporting. Required files, CLI flags, and license-related env vars align with a local analyzer and its tiering model.
Instruction Scope
SKILL.md instructs the agent to run the provided dispatcher/scan/analyzer scripts to inspect the codebase. The scripts operate on files found under the target directory and produce local reports — this is expected for a static analyzer. There are no instructions to read unrelated system secrets, ssh keys, or to transmit scan results to third parties.
Install Mechanism
There is no install spec; the skill is instruction/script-based and runs entirely from the included scripts. No downloads or external installers are invoked by default, which minimizes supply-chain risk.
Credentials
Environment variables declared in SKILL.md (FEATURELINT_LICENSE_KEY, FEATURELINT_TIER, FORMAT, etc.) are appropriate for a tiered product. One noteworthy behavior: when FEATURELINT_LICENSE_KEY is set the license module may perform an online validation via curl to https://featurelint.pages.dev/api/validate and will cache license state in ~/.cache/featurelint/license.cache. This is proportional to license checking but is the only network activity and is triggered only when a license key is provided.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes a small license cache under the user's home directory (~/ .cache/featurelint) which is consistent with offline/online license validation and not unexpected for this product.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install featurelint
  3. After installation, invoke the skill by name or use /featurelint
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix: declare all deps, JWT verification, configPaths
v1.0.0
FeatureLint 1.0.0 — initial release - Analyze codebase for feature flag hygiene issues across 6 categories and 90 patterns - Supports tiered licensing: Free, Pro, and Team with increasing pattern sets - Provides CLI interface with scan, file, staged, baseline, compare, health, and report commands - Outputs reports in text, JSON, CSV, and Markdown formats - Integrates with Git hooks and CI/CD pipelines - Supports 30+ languages with static regex analysis and actionable recommendations
Metadata
Slug featurelint
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is featurelint?

Statically analyze code for feature flag hygiene issues like stale flags, SDK misuse, safety risks, and architecture problems before production deployment. It is an AI Agent Skill for Claude Code / OpenClaw, with 93 downloads so far.

How do I install featurelint?

Run "/install featurelint" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is featurelint free?

Yes, featurelint is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does featurelint support?

featurelint is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created featurelint?

It is built and maintained by suhteevah (@suhteevah); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments