eventlint

By suhteevah · GitHub ↗ · v1.0.1 · MIT-0
darwin, linux, win32 ⚠ suspicious
Total downloads: 86
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install eventlint
Description
Event & message queue anti-pattern analyzer -- detects producer/consumer issues, schema problems, dead letter queue gaps, ordering failures, and observabilit...
Usage (SKILL.md)

# EventLint -- Event & Message Queue Anti-Pattern Analyzer

EventLint scans codebases for event-driven architecture anti-patterns, producer/consumer issues, schema validation gaps, dead letter queue misconfigurations, ordering and delivery failures, and observability gaps across Kafka, RabbitMQ, SQS, NATS, and Redis Pub/Sub. It uses regex-based pattern matching against 90 event-specific patterns across 6 categories, lefthook for git hook integration, and produces markdown reports with actionable remediation guidance. 100% local. Zero telemetry.

## Commands

### Free Tier (No license required)

#### `eventlint scan [file|directory]`
One-shot event architecture quality scan of files or directories.

**How to execute:**
```bash
bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [target]
```

**What it does:**
1. Accepts a file path or directory (defaults to current directory)
2. Discovers all source files (skips .git, node_modules, binaries, images, .min.js)
3. Runs 30 event architecture patterns against each file (free tier limit)
4. Calculates an event architecture quality score (0-100) per file and overall
5. Grades: A (90-100), B (80-89), C (70-79), D (60-69), F (<60)
6. Outputs findings with: file, line number, check ID, severity, description, recommendation
7. Exit code 0 if score >= 70, exit code 1 if event quality is poor
8. Free tier limited to first 30 patterns (PP + CP categories)

**Example usage scenarios:**
- "Scan my code for event issues" -> runs `eventlint scan .`
- "Check this file for consumer anti-patterns" -> runs `eventlint scan src/consumer.ts`
- "Find missing dead letter queues" -> runs `eventlint scan src/`
- "Audit my Kafka configuration" -> runs `eventlint scan .`
- "Check for message ordering problems" -> runs `eventlint scan .`

### Pro Tier ($19/user/month -- requires EVENTLINT_LICENSE_KEY)

#### `eventlint scan --tier pro [file|directory]`
Extended scan with 60 patterns covering producer, consumer, schema, and dead letter patterns.

**How to execute:**
```bash
bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [target] --tier pro
```

**What it does:**
1. Validates Pro+ license
2. Runs 60 event architecture patterns (PP, CP, MS, ED categories)
3. Detects schema validation gaps and breaking changes
4. Identifies dead letter queue misconfigurations
5. Full category breakdown reporting

#### `eventlint scan --format json [directory]`
Generate JSON output for CI/CD integration.

```bash
bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format json
```

#### `eventlint scan --format html [directory]`
Generate HTML report for browser viewing.

```bash
bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --format html
```

#### `eventlint scan --category ED [directory]`
Filter scan to a specific check category (PP, CP, MS, ED, OD, EO).

```bash
bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --category ED
```

### Team Tier ($39/user/month -- requires EVENTLINT_LICENSE_KEY with team tier)

#### `eventlint scan --tier team [directory]`
Full scan with all 90 patterns across all 6 categories including ordering/delivery and observability.

**How to execute:**
```bash
bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --tier team
```

**What it does:**
1. Validates Team+ license
2. Runs all 90 patterns across 6 categories
3. Includes ordering & delivery detection (dual-write, missing outbox, race conditions)
4. Includes event observability checks (no tracing, missing metrics, no audit trail)
5. Full category breakdown with per-file results

#### `eventlint scan --verbose [directory]`
Verbose output showing every matched line and pattern details.

```bash
bash "<SKILL_DIR>/scripts/dispatcher.sh" --path [directory] --verbose
```

#### `eventlint status`
Show license and configuration information.

```bash
bash "<SKILL_DIR>/scripts/dispatcher.sh" status
```

## Check Categories

EventLint detects 90 event architecture anti-patterns across 6 categories:

| Category | Code | Patterns | Description | Severity Range |
|----------|------|----------|-------------|----------------|
| **Producer Patterns** | PP | 15 | Fire-and-forget publish, missing keys, no schema validation, acks=0 | medium -- critical |
| **Consumer Patterns** | CP | 15 | No idempotency, auto-ack, unbounded prefetch, blocking handlers | low -- critical |
| **Message Schema** | MS | 15 | No schema registry, unversioned, breaking changes, loose typing | low -- critical |
| **Error & Dead Letter** | ED | 15 | Missing DLQ, infinite redelivery, swallowed exceptions, no poison handling | low -- critical |
| **Ordering & Delivery** | OD | 15 | Dual-write, no outbox, missing dedup, saga without timeout | low -- critical |
| **Event Observability** | EO | 15 | No tracing, missing metrics, no audit trail, no alerting | low -- medium |

## Tier-Based Pattern Access

| Tier | Patterns | Categories |
|------|----------|------------|
| **Free** | 30 | PP, CP |
| **Pro** | 60 | PP, CP, MS, ED |
| **Team** | 90 | PP, CP, MS, ED, OD, EO |
| **Enterprise** | 90 | PP, CP, MS, ED, OD, EO + priority support |

## Scoring

EventLint uses a deductive scoring system starting at 100 (perfect):

| Severity | Point Deduction | Description |
|----------|-----------------|-------------|
| **Critical** | -25 per finding | Severe reliability issue (message loss, infinite redelivery, dual-write) |
| **High** | -15 per finding | Significant event problem (missing DLQ, auto-ack, no idempotency) |
| **Medium** | -8 per finding | Moderate concern (missing correlation ID, unversioned schema) |
| **Low** | -3 per finding | Informational / best practice suggestion |

### Grading Scale

| Grade | Score Range | Meaning |
|-------|-------------|---------|
| **A** | 90-100 | Excellent event architecture quality |
| **B** | 80-89 | Good architecture with minor issues |
| **C** | 70-79 | Acceptable but needs improvement |
| **D** | 60-69 | Poor event architecture quality |
| **F** | Below 60 | Critical event architecture problems |

- **Pass threshold:** 70 (Grade C or better)
- Exit code 0 = pass (score >= 70)
- Exit code 1 = fail (score < 70)

## Configuration

Users can configure EventLint in `~/.openclaw/openclaw.json`:

```json
{
  "skills": {
    "entries": {
      "eventlint": {
        "enabled": true,
        "apiKey": "YOUR_LICENSE_KEY_HERE",
        "config": {
          "severityThreshold": "medium",
          "ignorePatterns": ["**/test/**", "**/fixtures/**", "**/*.test.*"],
          "ignoreChecks": [],
          "reportFormat": "text"
        }
      }
    }
  }
}
```

## Important Notes

- **Free tier** works immediately with no configuration
- **All scanning happens locally** -- no code is sent to external servers
- **License validation is offline** -- no phone-home or network calls
- Pattern matching only -- no AST parsing, no external dependencies beyond bash
- Supports scanning all file types in a single pass
- Git hooks use **lefthook** which must be installed (see install metadata above)
- Exit codes: 0 = pass (score >= 70), 1 = fail (for CI/CD integration)
- Output formats: text (default), json, html

## Error Handling

- If lefthook is not installed and user tries hooks, prompt to install it
- If license key is invalid or expired, show clear message with link to https://eventlint.pages.dev/renew
- If a file is binary, skip it automatically with no warning
- If no scannable files found in target, report clean scan with info message
- If an invalid category is specified with --category, show available categories

## When to Use EventLint

The user might say things like:
- "Scan my code for event issues"
- "Check my message queue patterns"
- "Find missing dead letter queues"
- "Detect fire-and-forget publishing"
- "Are there any consumer anti-patterns?"
- "Check for schema validation gaps"
- "Audit my Kafka configuration"
- "Find ordering and delivery issues"
- "Check for dual-write problems"
- "Scan for event observability gaps"
- "Run an event architecture audit"
- "Generate an event quality report"
- "Check if my consumers have idempotency"
- "Find missing DLQ configuration"
- "Check my code for auto-ack issues"

Security usage advice
This skill appears to do what it says: local regex-based scanning for event-driven anti-patterns and optional integration with git hooks. Before installing or enabling hooks: (1) review the lefthook.yml it will add or append to your repo (hooks install modifies repository files), (2) only provide EVENTLINT_LICENSE_KEY if you trust the publisher (the key is used locally or read from ~/.openclaw/openclaw.json), and (3) confirm you want lefthook installed via brew. If you only want one-off scans, run the dispatcher.sh/scan.sh commands directly without installing hooks. Also be aware regex-based linters can produce false positives; review pattern definitions in scripts/patterns.sh if concerned about noisy results.
Functional analysis
Type: OpenClaw Skill Name: eventlint Version: 1.0.1 The skill bundle appears to be a legitimate event-driven architecture linter, but it contains a high-risk command injection vulnerability in the license validation logic. Specifically, in `scripts/license.sh`, the `extract_field` and `decode_jwt_payload` functions use `python3 -c` and `node -e` to parse JSON data from the license key by wrapping the payload in single quotes; a crafted license key containing single quotes could break out of the string literal and execute arbitrary code on the host. While there is no evidence of intentional malice or data exfiltration, the use of unsanitized shell execution for parsing untrusted license strings is a significant security flaw.
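One way to close the injection path described in this analysis, as an added example that is not the contents of `scripts/license.sh` (the helper names `license_field` and `sample_token` are hypothetical): keep the interpreter's program text constant, and pass the license token on stdin and the field name as an argument. The sample token is constructed and unsigned; signature verification is outside what this block shows.

```shell
#!/bin/sh
# Added example with hypothetical helper names; not the code in scripts/license.sh.
#
# Unsafe shape the analysis describes (illustrative, comment only, never run here):
#   python3 -c "import json; print(json.loads('$payload')['$field'])"
# The shell pastes $payload into the Python source, so a quote character in
# the license data ends the string literal and the rest is parsed as code.

# Safe shape: the program text is a constant; the token travels on stdin and
# the field name in argv, so neither is ever parsed as Python or shell.
license_field() {
  # $1 = token (header.payload.signature), $2 = claim name
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 2 ;;   # outside the base64url + "." alphabet
  esac
  printf '%s' "$1" | python3 -c '
import base64, json, sys
parts = sys.stdin.read().split(".")
if len(parts) != 3:
    sys.exit(3)
seg = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped padding
try:
    claims = json.loads(base64.urlsafe_b64decode(seg))
except ValueError:                             # bad base64, bad UTF-8, bad JSON
    sys.exit(3)
value = claims.get(sys.argv[1]) if isinstance(claims, dict) else None
if isinstance(value, bool) or not isinstance(value, (str, int)):
    sys.exit(4)                                # missing or non-scalar claim
print(value)
' "$2"
}

# Build a constructed, unsigned sample token from JSON on stdin (test data only).
sample_token() {
  python3 -c '
import base64, sys
enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
print(enc(b"{}") + "." + enc(sys.stdin.buffer.read()) + ".")
'
}
```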
Capability tags
requires-sensitive-credentials
Capability assessment
Purpose & Capability
The skill name/description (event architecture linting) aligns with required binaries (git, bash, python3, jq), the license key, lefthook install, and the provided pattern-based scanning scripts. Required items (lefthook for git hooks, python3/jq for JSON parsing) are proportionate to the declared features.
Instruction Scope
Runtime instructions and scripts operate locally: file discovery, grep-based regex matching, scoring, and report generation. They do read a local config (~/.openclaw/openclaw.json) to find a license key if env var is not set, and the optional 'hooks install' flow modifies the repository's lefthook.yml and runs lefthook install (which changes repo config). This behavior is expected but worth noting before installing hooks.
Install Mechanism
Install spec only requests installing the well-known 'lefthook' brew formula. No downloads from arbitrary URLs or archive extraction are present. The skill's code is delivered as shell scripts (no remote installers) so installation risk is low.
Credentials
The single primary credential EVENTLINT_LICENSE_KEY is justified by tiered license checks. The license module also looks in ~/.openclaw/openclaw.json (declared in SKILL.md) as a fallback and optionally uses CLAWHUB_JWT_SECRET for signature verification — the latter is optional and not required for normal use. No unrelated secrets or broad cloud credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistent privileges. The only persistent side-effect is optional modification of a project's lefthook.yml when the user runs the hooks installation command, which is consistent with the stated git-hook integration.
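How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install eventlint
  3. Once installation completes, call the Skill by name or trigger it with /eventlint
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history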
v1.0.1
Fix: declare all deps, JWT verification, configPaths
v1.0.0
EventLint 1.0.0 – Initial Release
- Scans codebases for event-driven architecture anti-patterns across Kafka, RabbitMQ, SQS, NATS, and Redis Pub/Sub.
- Detects issues in producer/consumer logic, schema validation, dead letter queues, ordering, and observability (up to 90 patterns in 6 categories).
- Provides tiered scanning: Free (30 patterns), Pro (60), and Team (90), with local-only, zero-telemetry analysis.
- Supports various output formats (text, JSON, HTML) and integrates with git hooks via lefthook.
- Assigns quality scores and grades (A–F) and provides per-file, actionable feedback.
- All analysis and license validation are performed offline for privacy and security.
Metadata
Slug eventlint
Version 1.0.1
License MIT-0
Total installs 0
Current installs 0
Historical versions 2
FAQ

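What is eventlint?

Event & message queue anti-pattern analyzer -- detects producer/consumer issues, schema problems, dead letter queue gaps, ordering failures, and observabilit... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 86 total downloads so far.

How do I install eventlint?

Run the command "/install eventlint" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is eventlint free?

Yes, eventlint is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does eventlint support?

eventlint is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).

Who developed eventlint?

It is developed and maintained by suhteevah (@suhteevah); the current version is v1.0.1.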