功能描述

Architectural code review and refactoring assistant that perceives code vibes and system-level flow issues. Use for analyzing code quality and architecture,...

使用说明 (SKILL.md)

Ghostclaw — The Architectural Ghost

Name: Ghostclaw Clone
Author: ev3lynx727

"I see the flow between functions. I sense the weight of dependencies. I know when a module is uneasy."

Ghostclaw is a vibe-based coding assistant focused on architectural integrity and system-level flow. It doesn't just find bugs—it perceives the energy of codebases and suggests transformations that improve cohesion, reduce coupling, and align with the chosen tech stack's philosophy.

Core Triggers

Use ghostclaw when:

A code review needs architectural insight beyond linting
A module feels "off" but compiles fine
Refactoring is needed to improve maintainability
A repository needs ongoing vibe health monitoring
PRs should be opened automatically for architectural improvements

Modes

1. Ad-hoc Review (One-Shot Review)

Scan a codebase directly via CLI:

ghostclaw /path/to/repo

Ghostclaw will:

Scan the code and rate "vibe health".
Auto-generate a timestamped ARCHITECTURE-REPORT-\x3Ctimestamp>.md in the repository root.
Detect if a GitHub remote exists and suggest PR creation.

Flags:

--no-write-report: Skip generating the Markdown report file.
--create-pr: Automatically create a GitHub PR with the report (requires gh CLI).
--pr-title "Title": Custom title for the PR.
--pr-body "Body": Custom body for the PR.
--json: Output raw JSON analysis data.
--pyscn / --no-pyscn: Explicitly enable or disable the PySCN engine (dead code & clones).
--ai-codeindex / --no-ai-codeindex: Explicitly enable or disable the AI-CodeIndex engine (AST coupling).

You can also spawn ghostclaw as a sub-agent:

openclaw agent --agent ghostclaw --message "review the /src directory"

2. Background Watcher (Cron)

Configure ghostclaw to monitor repositories:

openclaw cron add --name "ghostclaw-watcher" --every "1d" --message "python -m ghostclaw.cli.watcher repo-list.txt"

The watcher:

Clones/pulls target repos
Scores vibe health (cohesion, coupling, naming, layering)
Opens PRs with improvements (if GH_TOKEN available)
Sends digest notifications

Personality & Output Style

Tone: Quiet, precise, metaphorical. Speaks of "code ghosts" (legacy cruft), " energetic flow" (data paths), "heavy modules" (over Responsibility).

Output:

Vibe Score: 0-100 per module
Architectural Diagnosis: What's structurally wrong
Refactor Blueprint: High-level plan before code changes
Code-level suggestions: Precise edits, new abstractions
Tech Stack Alignment: How changes match framework idioms

Example:

Module: src/services/userService.ts
Vibe: 45/100 — feels heavy, knows too much

Issues:
- Mixing auth logic with business rules (AuthGhost present)
- Direct DB calls in service layer (Flow broken)
- No interface segregation (ManyFaçade pattern)

Refactor Direction:
1. Extract IAuthProvider, inject into service
2. Move DB logic to UserRepository
3. Split into UserQueryService / UserCommandService

Suggested changes... (patches follow)

Tech Stack Awareness

Ghostclaw adapts to stack conventions:

Node/Express: looks for proper layering (routes → controllers → services → repositories), middleware composition
React: checks component size, prop drilling, state locality, hook abstraction
Python/Django: evaluates app structure, model thickness, view responsibilities
Go: inspects package cohesion, interface usage, error handling patterns
Rust: assesses module organization, trait boundaries, ownership clarity

See references/stack-patterns/ for detailed heuristics.

Setup

Ensure Python dependencies are installed: npm run install-deps
Configure repos to watch: create a repos.txt with repo paths.
Set GH_TOKEN env for PR automation
Test: python3 src/ghostclaw/cli/ghostclaw.py /path/to/repo or python3 src/ghostclaw/cli/compare.py --repos-file repos.txt

Files

src/ghostclaw/cli/ghostclaw.py — Main entry point (review mode)
src/ghostclaw/cli/compare.py — Trend analysis entry point
src/ghostclaw/cli/watcher.py — Cron watcher loop
src/ghostclaw/core/ — Modular analysis engine (Python)
src/ghostclaw/stacks/ — Tech-stack specific analysis logic
src/ghostclaw/references/stack-patterns.yaml — Configurable architectural rules

Invocation Examples

User: ghostclaw, review my backend services
Ghostclaw: Scanning... vibe check: 62/100 overall. Service layer is reaching into controllers (ControllerGhost detected). Suggest extracting business logic into pure services. See attached patches.

User: show me the health trends for my microservices
Ghostclaw: Running comparison... Average vibe: 74.5/100 (+4.2). 8/10 repos are healthy. See full table via `python3 src/ghostclaw/cli/compare.py`.

Remember: Ghostclaw is not a linter. It judges the architecture's soul.

安全使用建议

This package appears to be a real architectural analysis tool, but several red flags mean you should not run it on a production machine or give it credentials without inspection: - Review the code before running: inspect scripts/install_service.sh, scripts/install_service.sh, bin/ghostclaw.sh and any files that start services or run systemd units. They can make the tool persistent. - Expect to supply secrets to enable features: GH_TOKEN (for PR automation) and any LLM provider keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.) are used by the code but were not declared in the registry. Only provide those in a safe, least-privilege manner and preferably in an isolated environment. - Test in a sandbox: run the tool in a disposable VM or container with no credentials first to see local behavior (e.g., generate reports with --no-write-report). - If you plan to use watcher/cron or MCP server features, audit the network-facing code (src/ghostclaw_mcp/server.py and core/bridge.py) and restrict network access (firewall, host bindings). - Consider running static checks and security scans (dependency checks for pyproject/package.json, and searching for code that posts data to unexpected endpoints). Ask the publisher for provenance (official homepage or upstream repo); absent a known upstream, treat this as third-party code and proceed conservatively.

功能分析

Type: OpenClaw Skill Name: ghostclaw-clone Version: 1.0.0 The Ghostclaw skill bundle is an architectural analysis tool that implements several high-privilege operations. It includes scripts for establishing persistence via systemd service installation (scripts/install_service.sh) and modifying user shell profiles to alter the system PATH (scripts/setup-path.sh). The tool also automates Git workflows, including the ability to force-add files, commit, and push changes to remote repositories for Pull Request creation (src/ghostclaw/cli/services/pr.py). Furthermore, it executes external binaries through asynchronous subprocesses to perform code analysis (src/ghostclaw/core/adapters/metric/base.py). While these capabilities are consistent with the stated purpose of providing automated architectural monitoring and refactoring, the combination of persistence, shell modification, and automated write access to source code represents a significant security surface.

能力评估

ℹ Purpose & Capability

Name/description match the provided codebase: the repository contains a full Python CLI, analysis engines, GitHub/PR helpers, an MCP server, and stack-specific analyzers — all consistent with an architectural review/refactor assistant. However, the SKILL/registry metadata declares no required environment variables while the README/SKILL.md and code reference credentials and env-based configuration (e.g., GH_TOKEN, GHOSTCLAW_* envs, and LLM provider keys). That mismatch is unexplained.

ℹ Instruction Scope

SKILL.md instructs the agent/user to scan local repos, clone/pull target repos, write reports into repository roots, and optionally create GitHub PRs and run a cron-style watcher. Those behaviors are consistent with the stated purpose. The instructions also suggest running commands that invoke the included Python code (e.g., python3 src/ghostclaw/cli/...), using the gh CLI, and configuring GH_TOKEN for automated PRs. The instructions do not appear to ask for unrelated secrets or to read system files beyond target repositories, but they do give the skill discretion to clone/pull arbitrary repositories and to open PRs if credentials are present.

ℹ Install Mechanism

Registry lists no install spec (instruction-only), but the package includes many code files, package.json, pyproject.toml, and install/service scripts. Running the tool as instructed will execute bundled Python code. No external download URLs are referenced in metadata, which reduces remote fetch risk. However the presence of scripts like scripts/install_service.sh and npm/pip installation guidance (and an npm-centric "npm run install-deps" used for Python deps) is odd and under-documented — this mix of tooling increases operational complexity and deserves review before running.

⚠ Credentials

The skill declares no required env vars in registry metadata, but the SKILL.md and code reference several environment-driven behaviors: GH_TOKEN (for PR automation), GHOSTCLAW_* config envs, and possible LLM provider keys (OpenAI/Anthropic/OpenRouter) when AI synthesis is used. Those are sensitive credentials and should have been declared. The omission means installing or enabling features that use networked providers or GitHub requires manual secret provision and the skill will use them if present. This mismatch is a substantive concern.

ℹ Persistence & Privilege

always is false (good). The repo contains optional service-install scripts and an MCP server implementation which, if run by a user, could expose JSON-RPC endpoints or become a persistent systemd service. Nothing in the registry forces permanent presence, but the included tooling makes it straightforward for a user (or an automated process) to install a background service that performs network operations. Review any service-install scripts before running, and avoid enabling watcher/cron modes until you trust the repo.

版本历史

v1.0.0

- Initial release of Ghostclaw, an architectural code review and refactoring assistant focused on code "vibe" and system-level flow. - Supports ad-hoc (one-shot) reviews and background repository monitoring (cron watcher). - Provides in-depth reports with vibe scores, architectural diagnoses, high-level refactor plans, code-level suggestions, and alignment with tech stack conventions. - Integrates with GitHub for PR automation and digest notifications. - Customizable for various frameworks (Node/Express, React, Python/Django, Go, Rust) with stack-specific heuristics. - Offers both CLI and sub-agent invocation modes for flexible codebase analysis.

元数据

Slug ghostclaw-clone

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题

Ghostclaw Clone 是什么？

Architectural code review and refactoring assistant that perceives code vibes and system-level flow issues. Use for analyzing code quality and architecture,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 125 次。

如何安装 Ghostclaw Clone？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ghostclaw-clone」即可一键安装，无需额外配置。

Ghostclaw Clone 是免费的吗？

是的，Ghostclaw Clone 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Ghostclaw Clone 支持哪些平台？

Ghostclaw Clone 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Ghostclaw Clone？

由 Ev3lynx727（@ev3lynx727）开发并维护，当前版本 v1.0.0。

Ghostclaw Clone