← 返回 Skills 市场
75
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install regexguard
功能描述
Regex safety & correctness analyzer -- detects catastrophic backtracking, portability errors, correctness bugs, maintainability issues, anchoring problems, a...
安全使用建议
What to consider before installing:
- Review the scripts in this skill (already included) before enabling hooks in your repos — the code is local shell scripts that will be sourced/executed during commits if you install the lefthook hooks.
- The skill reads a license key from REGEXGUARD_LICENSE_KEY or ~/.openclaw/openclaw.json; treat that file and the env var as sensitive. If you prefer, keep the license in an environment variable rather than a persistent config file.
- The license checker optionally uses CLAWHUB_JWT_SECRET (not declared in metadata) only for signature verification — ensure you don't have an unexpected secret set with that name.
- Installing hooks modifies repository configuration (adds lefthook.yml and runs lefthook install). That is expected but persistent; only install hooks in repositories where you trust the skill and its source.
- No network calls or telemetry were found in the code; still, if you need absolute assurance, run the scripts manually (bash scripts/dispatcher.sh scan .) in a controlled workspace to observe behavior before enabling hooks.
功能分析
Type: OpenClaw Skill
Name: regexguard
Version: 1.0.2
RegexGuard is a regex safety and correctness analyzer designed to detect anti-patterns like ReDoS (Catastrophic Backtracking) and portability issues in local codebases. The tool implements a tiered licensing system using offline JWT validation (found in `license.sh`) and provides Git integration via `lefthook` (managed in `dispatcher.sh`). Analysis of the shell scripts (`analyzer.sh`, `dispatcher.sh`) confirms that all scanning and license checks are performed locally without network exfiltration or suspicious execution patterns. The tool's behavior, including reading the OpenClaw configuration for API keys and installing git hooks, is entirely consistent with its stated purpose as a developer utility.
能力标签
能力评估
Purpose & Capability
Name/description match the actual behavior: scripts scan source files for regex anti-patterns using grep, produce reports, and optionally validate a license. Requested binaries (git, bash, python3, jq) are reasonable for file discovery, config parsing, and CLI behavior. The brew install of lefthook aligns with the documented git-hook integration.
Instruction Scope
Runtime instructions and scripts are limited to scanning repository files, loading pattern definitions, and producing reports. They also provide commands to install lefthook git hooks (pre-commit/pre-push) which modify repository config and will run on commit/push. The skill reads a local OpenClaw config (~/.openclaw/openclaw.json) or an env var for a license key — this is limited and documented, but you should be aware hooks run during developer git operations.
Install Mechanism
Install uses a single brew formula (lefthook) which is a standard package manager step and only installs the lefthook binary. There are no remote downloads or archive extraction of arbitrary code in the install spec (the skill itself is delivered as script files).
Credentials
The primary credential REGEXGUARD_LICENSE_KEY is appropriate for gated Pro/Team features and the code will also look for the key in ~/.openclaw/openclaw.json. There is an additional optional environment variable (CLAWHUB_JWT_SECRET) used only to optionally verify JWT signatures — it is not declared in the registry metadata and appears to be an implementation detail of the license-checking code. No unrelated cloud credentials or broad secrets are requested.
Persistence & Privilege
always:false and model invocation are normal. However, the skill can install lefthook-based git hooks into repositories (config/lefthook.yml and lefthook install), which is a persistent change at the repository level and causes scripts to run during commits/pushes. This behavior is consistent with its stated purpose but is a persistent capability you should consent to.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install regexguard - 安装完成后,直接呼叫该 Skill 的名称或使用
/regexguard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fix: POSIX ERE regex compliance, declare all deps, JWT verification
元数据
常见问题
regexguard 是什么?
Regex safety & correctness analyzer -- detects catastrophic backtracking, portability errors, correctness bugs, maintainability issues, anchoring problems, a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 75 次。
如何安装 regexguard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install regexguard」即可一键安装,无需额外配置。
regexguard 是免费的吗?
是的,regexguard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
regexguard 支持哪些平台?
regexguard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。
谁开发了 regexguard?
由 suhteevah(@suhteevah)开发并维护,当前版本 v1.0.2。
推荐 Skills