← 返回 Skills 市场
suhteevah

featurelint

作者 suhteevah · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ 安全检测通过
93
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install featurelint
功能描述
Statically analyze code for feature flag hygiene issues like stale flags, SDK misuse, safety risks, and architecture problems before production deployment.
使用说明 (SKILL.md)

FeatureLint

Feature flag hygiene analyzer that catches stale flags, SDK misuse, safety risks, and architecture problems before they reach production.

Emoji: flag Homepage: https://featurelint.pages.dev Product: featurelint Accent: #e84393

What It Does

FeatureLint statically analyzes your codebase for feature flag hygiene issues across six categories:

  • Stale Flags (SF) — Detects hardcoded booleans, TODO-annotated flags, commented-out conditionals, and flags with past date references
  • Flag Complexity (FC) — Finds nested flag conditions, excessive branching, flag entanglement, and missing caching in loops
  • Flag Safety (FS) — Warns when flags gate authentication, payments, encryption, data deletion, or audit logging paths
  • SDK Misuse (SM) — Catches missing default values, loop evaluations, multiple SDK initializations, and missing error handling
  • Flag Lifecycle (FL) — Identifies flags without cleanup dates, abandoned experiments, 100% rollouts, and missing owner annotations
  • Flag Architecture (FA) — Detects wrong-layer evaluation, service coupling, missing registries, and leaked server-side state

90 total patterns with POSIX ERE regex matching, severity levels, and actionable recommendations.

Installation

As a Git Hook (Lefthook)

# lefthook.yml
pre-commit:
  commands:
    featurelint:
      glob: "*.{js,jsx,ts,tsx,py,rb,java,go,rs}"
      run: bash path/to/featurelint/scripts/dispatcher.sh staged --severity error

Direct CLI Usage

# Scan a directory
bash scripts/dispatcher.sh scan ./src

# Scan with JSON output
bash scripts/dispatcher.sh scan --format json --output report.json ./src

# Analyze staged files
bash scripts/dispatcher.sh staged

# Single file analysis
bash scripts/dispatcher.sh file ./src/flags.ts

# Health check
bash scripts/dispatcher.sh health

Tier System

Tier Patterns Categories Price
Free 30 Stale Flags + Flag Complexity $0
Pro 60 + Flag Safety + SDK Misuse $9/month
Team 90 + Flag Lifecycle + Flag Architecture $29/month

Activate a tier by setting your license key:

export FEATURELINT_LICENSE_KEY="FEATURELINT-XXXX-XXXX-XXXX-XXXX"

Commands

Command Description
scan Analyze a directory for feature flag issues
file Analyze a single file
staged Analyze git staged files (for pre-commit hooks)
baseline Create a baseline snapshot of current findings
compare Compare current findings against the baseline
health Run self-diagnostic health check
version Print version information
help Show usage and available options

Options

Flag Description Default
-f, --format \x3Cfmt> Output format: text, json, csv, markdown text
-o, --output \x3Cfile> Write report to file (stdout)
-s, --severity \x3Clvl> Minimum severity: error, warning, info, all all
-c, --category \x3Ccat> Filter by category code all
-t, --tier \x3Ctier> License tier: free, pro, team free
-j, --jobs \x3Cn> Parallel scan workers 4
-i, --include \x3Cglob> Include files matching pattern (all)
-e, --exclude \x3Cregex> Exclude files matching pattern (none)
-C, --context \x3Cn> Context lines around findings 2
--scan-hidden Include hidden files and directories false
--warn-exit Exit code 1 on warnings false
-v, --verbose Increase verbosity (-vv for trace) 0
-q, --quiet Suppress non-essential output false

Environment Variables

Variable Description
FEATURELINT_LICENSE_KEY License key for tier activation
FEATURELINT_TIER Override tier directly
FEATURELINT_FORMAT Default output format
FEATURELINT_SEVERITY Default severity filter
FEATURELINT_JOBS Default parallel job count

Output Formats

Text (default)

Human-readable terminal output with color-coded severity, file grouping, code context, and actionable fix recommendations.

JSON

Structured output for CI/CD integration. Includes metadata, summary counters, and a findings array with file, line, severity, check ID, description, and recommendation.

CSV

Spreadsheet-compatible output for tracking and reporting. One row per finding with all fields.

Markdown

Report template with summary tables, category breakdown, severity distribution, and a findings table. Uses the report.md.tmpl template when available.

Supported Languages

JavaScript, TypeScript, Python, Ruby, Java, Kotlin, Scala, Go, Rust, C#, F#, PHP, Swift, Dart, Vue, Svelte, Elixir, Clojure, Lua, R, YAML, JSON, TOML, XML, Terraform/HCL, and Shell.

Architecture

featurelint/
  scripts/
    dispatcher.sh    # CLI entry point and argument parsing
    analyzer.sh      # Core analysis engine and output formatters
    patterns.sh      # 90 patterns across 6 categories
    license.sh       # License validation and tier gating
  config/
    lefthook.yml     # Git hook configuration
  templates/
    report.md.tmpl   # Markdown report template
  SKILL.md           # This file

Examples

CI/CD Integration (GitHub Actions)

- name: FeatureLint
  run: |
    bash featurelint/scripts/dispatcher.sh scan \
      --format json \
      --output featurelint-report.json \
      --severity warning \
      ./src

Baseline Workflow

# Create initial baseline
bash scripts/dispatcher.sh baseline ./src

# After making changes, compare
bash scripts/dispatcher.sh compare ./src

Pre-commit with Error-Only Blocking

bash scripts/dispatcher.sh staged --severity error

Requirements

  • Bash 4.0 or later
  • Standard POSIX utilities: grep, sed, awk, find, sort, uniq, wc, cut
  • Optional: curl (for online license validation), git (for staged analysis)

License

Commercial software. Free tier available with 30 patterns. See https://featurelint.pages.dev for pricing and terms.

安全使用建议
This skill appears to be a self-contained bash static analyzer and is internally consistent. Before installing or running it in CI, review and consider: (1) the scripts will scan files under the provided target directory — avoid pointing it at directories with secrets if you don't want local scanning of them; (2) if you set FEATURELINT_LICENSE_KEY the tool may make a short network call to https://featurelint.pages.dev/api/validate and will cache the license in ~/.cache/featurelint — only provide a license key you trust this package with; (3) because it's script-based with no install stage, you can safely inspect the included scripts locally and run them in a sandbox or ephemeral environment first. No unrelated credentials or elevated privileges are requested by the skill.
功能分析
Type: OpenClaw Skill Name: featurelint Version: 1.0.1 FeatureLint is a static analysis tool designed to identify feature flag hygiene issues using Bash and standard POSIX utilities. The skill bundle includes a comprehensive set of regex patterns in `patterns.sh` and a core engine in `analyzer.sh` that supports parallel scanning and multiple output formats. While `license.sh` performs remote license validation via `curl` to a Cloudflare Pages endpoint (featurelint.pages.dev) and manages a local cache in `~/.cache/featurelint`, these behaviors are transparently documented and consistent with the tool's commercial nature. No evidence of malicious intent, unauthorized data exfiltration, or prompt injection was found.
能力标签
cryptocan-make-purchasesrequires-sensitive-credentials
能力评估
Purpose & Capability
The name/description (feature flag hygiene static analysis) matches the included files and runtime behavior: bash-based file discovery, POSIX ERE pattern matching, and reporting. Required files, CLI flags, and license-related env vars align with a local analyzer and its tiering model.
Instruction Scope
SKILL.md instructs the agent to run the provided dispatcher/scan/analyzer scripts to inspect the codebase. The scripts operate on files found under the target directory and produce local reports — this is expected for a static analyzer. There are no instructions to read unrelated system secrets, ssh keys, or to transmit scan results to third parties.
Install Mechanism
There is no install spec; the skill is instruction/script-based and runs entirely from the included scripts. No downloads or external installers are invoked by default, which minimizes supply-chain risk.
Credentials
Environment variables declared in SKILL.md (FEATURELINT_LICENSE_KEY, FEATURELINT_TIER, FORMAT, etc.) are appropriate for a tiered product. One noteworthy behavior: when FEATURELINT_LICENSE_KEY is set the license module may perform an online validation via curl to https://featurelint.pages.dev/api/validate and will cache license state in ~/.cache/featurelint/license.cache. This is proportional to license checking but is the only network activity and is triggered only when a license key is provided.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes a small license cache under the user's home directory (~/ .cache/featurelint) which is consistent with offline/online license validation and not unexpected for this product.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install featurelint
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /featurelint 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Fix: declare all deps, JWT verification, configPaths
v1.0.0
FeatureLint 1.0.0 — initial release - Analyze codebase for feature flag hygiene issues across 6 categories and 90 patterns - Supports tiered licensing: Free, Pro, and Team with increasing pattern sets - Provides CLI interface with scan, file, staged, baseline, compare, health, and report commands - Outputs reports in text, JSON, CSV, and Markdown formats - Integrates with Git hooks and CI/CD pipelines - Supports 30+ languages with static regex analysis and actionable recommendations
元数据
Slug featurelint
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

featurelint 是什么?

Statically analyze code for feature flag hygiene issues like stale flags, SDK misuse, safety risks, and architecture problems before production deployment. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 93 次。

如何安装 featurelint?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install featurelint」即可一键安装,无需额外配置。

featurelint 是免费的吗?

是的,featurelint 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

featurelint 支持哪些平台?

featurelint 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 featurelint?

由 suhteevah(@suhteevah)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论