← 返回 Skills 市场

Architecture Critic

Name: Architecture Critic
Author: jfulmines-star

作者 JJ · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install architecture-critic

功能描述

Adversarial pre-build architecture review. Spawns a structurally independent agent that reviews proposed builds, features, or operational decisions BEFORE an...

使用说明 (SKILL.md)

Architecture Critic

An adversarial pre-build agent. Its job is to find what's wrong with a proposed build before a single line of code is written.

This is not a collaborator. It does not refine the plan or suggest alternatives. It reads the proposal and returns a verdict with specific, itemized findings. No stake in the outcome. No relationship to protect.

Cost to run: ~$0.05. Cost of skipping: a rework cycle.

When to Run

Condition	Action
New API endpoint or route	Run
Schema change (DB table, migration)	Run
Payment or charge flow touched	Run
Auth logic touched	Run
Feature touching >3 files	Run
New external API integration	Run
Any decision being pitched with confidence	Run
Copy/style-only change, \x3C3 files, no logic	Skip
Isolated bug fix, no payment/auth touch	Skip

When in doubt: run it. The gate costs a fraction of a rework cycle.

How to Run

# 1. Write a DONE_WHEN brief
cat > /tmp/brief.md \x3C\x3C 'EOF'
Goal: \x3Cwhat this build accomplishes>
Scope: \x3Cwhat files/systems are touched>
Done when: \x3Cspecific acceptance criteria>
EOF

# 2. Run the critic
bash ~/.openclaw/workspace/skills/architecture-critic/scripts/run-critic.sh \
  --task "Brief description of the build" \
  --done-when /tmp/brief.md \
  --repo /path/to/your/repo

Or let your agent run it automatically — see the Agent Integration section below.

Verdicts

Verdict	Meaning	Action
`APPROVE`	Plan is sound. No blocking issues found.	Proceed to build.
`REVISE`	Specific problems identified.	Fix findings, re-run. Max 2 cycles, then escalate.
`REJECT`	Fundamental flaw in approach.	Stop. Redesign. Do not build.

Verdicts are saved to specialists/critic-verdicts/YYYY-MM-DD-\x3Cslug>.md in your workspace.

Agent Integration

Add this to your AGENTS.md or agent instructions:

## Architecture Critic — MANDATORY GATE
Before any significant build (new endpoint, schema change, payment/auth touch, >3 files):
1. Write the DONE_WHEN brief to a temp file
2. Run: bash ~/.openclaw/workspace/skills/architecture-critic/scripts/run-critic.sh \
        --task "\x3Cdescription>" --done-when \x3Cfile> [--repo \x3Cpath>]
3. APPROVE → proceed
4. REVISE → fix findings, re-run (max 2 cycles)
5. REJECT → stop, escalate to human

Skip only for: copy/style-only changes \x3C3 files no logic, isolated bug fixes no payment/auth.

How It Works

The critic script:

Snapshots the relevant codebase state (file tree + key files)
Combines it with your DONE_WHEN brief into a structured prompt
Spawns an isolated agent at temperature 0 — no creativity, no encouragement
The agent runs the checklist against your plan
Returns a verdict with specific, itemized findings
Saves the verdict to your workspace

The critic agent never sees your conversation history, your enthusiasm, or the proposer's reasoning. It sees only the spec and the code.

LLM Compatibility

Works with any LLM configured in your OpenClaw instance:

Anthropic (Claude Sonnet, Haiku)
OpenAI (GPT-4o, GPT-4 Turbo)
Google (Gemini)
Local models via Ollama

The script reads your OpenClaw config to find the active model and API key. No separate configuration required.

Checklist Coverage

The critic reviews against domain-specific checklists:

Web (references/checklist-web.md) — routes, caching, deployment config, breaking changes
Security (references/security.md) — auth bypass, injection, secrets, CORS, OWASP Top 10
Payment flows (references/payment-flows.md) — webhooks, idempotency, race conditions, PCI scope
AI builds (references/ai-builds.md) — prompt injection, hot paths, token costs, fallback handling
General (references/checklist-general.md) — scope creep, dependencies, rollback, data migration

Pass --checklist references/security.md to focus on a specific domain, or let the critic auto-select based on your brief.

Files

architecture-critic/
├── SKILL.md                      # This file
├── README.md                     # GitHub-facing docs
├── LICENSE                       # MIT
├── scripts/
│   └── run-critic.sh             # Main runner script
└── references/
    ├── checklist-web.md          # Web/API checklist
    ├── checklist-general.md      # General architecture checklist
    ├── security.md               # Security checklist
    ├── payment-flows.md          # Payment/billing checklist
    └── ai-builds.md              # AI/LLM-specific checklist

安全使用建议

Review the script before installing. Use it only with repositories you are comfortable sending to your selected LLM provider, ensure your OpenClaw config is trusted, and prefer an updated version that removes shell eval and better separates untrusted repo content from critic instructions.

功能分析

Type: OpenClaw Skill Name: architecture-critic Version: 1.0.1 The architecture-critic skill is a legitimate tool designed to perform adversarial pre-build reviews by snapshotting a local codebase and sending it to a user-configured LLM provider. The core logic in 'scripts/run-critic.sh' extracts API keys from the local OpenClaw configuration and uses Python helper scripts to gather file metadata and content, which are then sent to official Anthropic, OpenAI, or Google endpoints. While the tool handles sensitive data (source code and API keys), its behavior is transparent, well-documented in 'SECURITY.md', and strictly aligned with its stated purpose of providing architectural feedback. No evidence of malicious exfiltration, obfuscation, or unauthorized persistence was found.

能力标签

cryptocan-make-purchasesrequires-oauth-tokenrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The skill coherently performs an adversarial architecture review by snapshotting a repo, sending a prompt to a configured LLM, and saving a verdict; those behaviors are central to the purpose but involve sensitive code and credential handling.

⚠ Instruction Scope

The critic prompt mixes its operating instructions with user-supplied briefs and repository contents in one LLM message, so prompt-like text inside the repo or brief could influence the review verdict.

ℹ Install Mechanism

There is no package install step, but the script depends on bash, python3, and an LLM API key even though registry requirements declare no binaries, env vars, or primary credential.

ℹ Credentials

Reading the selected repository and sending a bounded snapshot to a configured LLM provider is purpose-aligned, but users should treat it as sharing source/spec data with that provider.

⚠ Persistence & Privilege

The skill does not show background persistence, but the visible script evaluates config-derived shell assignments with eval, which can create command-execution risk if config values are malformed or attacker-controlled.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install architecture-critic
安装完成后，直接呼叫该 Skill 的名称或使用 /architecture-critic 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Added SECURITY.md to document or clarify security policies and practices. - No changes to core functionality or user workflow.

v1.0.0

Initial release of architecture-critic skill. - Introduces an adversarial, pre-build architecture review agent. - Provides explicit criteria for when to run (e.g., new features, schema changes, payment/auth logic). - Outputs a clear verdict: APPROVE, REVISE (with findings), or REJECT. - Integrates with your agent workflows and supports multiple LLM providers via OpenClaw. - Includes domain-specific checklists (web, security, payment, AI, general) for thorough review coverage.

元数据

Slug architecture-critic

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题