MeowKit
agent
Basarisiz
Health Uyari
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 6 GitHub stars
Code Basarisiz
- rm -rf — Recursive force deletion command in .claude/hooks/post-write.sh
- process.env — Environment variable access in .claude/hooks/post-write.sh
Permissions Gecti
- Permissions — No dangerous permissions requested
Purpose
This toolkit provides a structured, 7-phase AI agent workflow system for Claude Code. It scaffolds configuration files, agents, and lifecycle hooks directly into your local project to enforce Test-Driven Development and security scanning.
Security Assessment
The overall risk is High. The system operates heavily via shell scripts and automatically executed lifecycle hooks, which introduces significant system-level risks. The automated scan explicitly flagged a recursive force deletion command (`rm -rf`) inside a post-write hook. If this hook runs unexpectedly or against the wrong directory, it could result in catastrophic data loss. Furthermore, this tool accesses environment variables within those same shell scripts, meaning it could potentially expose sensitive local data like API keys or credentials to its processes. While no hardcoded secrets or dangerous broad permissions were found, the combination of automated execution, environment access, and destructive file commands makes it dangerous to run without strictly auditing the code first.
Quality Assessment
The project is under active development, with its last push occurring today. It is distributed under the standard, permissive MIT license, which is excellent for open-source adoption. However, community trust and visibility are currently very low. With only 6 GitHub stars, the project lacks the widespread community testing, auditing, and peer review typically required to safely trust automated development tools.
Verdict
Use with extreme caution—the presence of destructive shell commands in automated hooks combined with low community oversight requires a thorough manual code review before executing this tool on any machine.
This toolkit provides a structured, 7-phase AI agent workflow system for Claude Code. It scaffolds configuration files, agents, and lifecycle hooks directly into your local project to enforce Test-Driven Development and security scanning.
Security Assessment
The overall risk is High. The system operates heavily via shell scripts and automatically executed lifecycle hooks, which introduces significant system-level risks. The automated scan explicitly flagged a recursive force deletion command (`rm -rf`) inside a post-write hook. If this hook runs unexpectedly or against the wrong directory, it could result in catastrophic data loss. Furthermore, this tool accesses environment variables within those same shell scripts, meaning it could potentially expose sensitive local data like API keys or credentials to its processes. While no hardcoded secrets or dangerous broad permissions were found, the combination of automated execution, environment access, and destructive file commands makes it dangerous to run without strictly auditing the code first.
Quality Assessment
The project is under active development, with its last push occurring today. It is distributed under the standard, permissive MIT license, which is excellent for open-source adoption. However, community trust and visibility are currently very low. With only 6 GitHub stars, the project lacks the widespread community testing, auditing, and peer review typically required to safely trust automated development tools.
Verdict
Use with extreme caution—the presence of destructive shell commands in automated hooks combined with low community oversight requires a thorough manual code review before executing this tool on any machine.
AI Agent Workflow System for Claude Code
README.md
MeowKit
AI agent toolkit for Claude Code
58 skills · 15 agents · 18 commands · 7 modes · 17 rules · 9 hooks · 4-layer security
What is MeowKit
MeowKit installs a .claude/ directory that Claude Code reads at session start. It enforces a structured 7-phase workflow with hard gates, TDD, security scanning, and cross-session memory. Zero external dependencies for core workflow.
Documentation: meowkit.dev (VitePress)
Quick Start
npx mewkit init
The CLI fetches the latest release from GitHub, prompts for config, and scaffolds .claude/ into your project.
npx mewkit setup # Configure: Python venv, MCP, .env, .gitignore
npx mewkit doctor # Verify environment
Packages
| Package | npm | Description |
|---|---|---|
create-meowkit |
npm create meowkit@latest (deprecated) |
Scaffold CLI — use npx mewkit init instead |
mewkit |
npx mewkit <cmd> |
Runtime CLI — upgrade, doctor, validate, budget, memory |
Requirements
- Node.js 20+
- Python 3.9+ (stdlib only, for validation scripts)
- Git
Project Structure
meowkit/
├── .claude/ Source of truth — agents, skills, rules, hooks
│ ├── agents/ 15 specialist agents
│ ├── skills/ 58 skills (meow: namespace)
│ ├── rules/ 17 enforcement rules
│ ├── hooks/ 9 lifecycle hooks
│ ├── commands/ 18 slash commands
│ ├── modes/ 7 behavioral modes
│ ├── scripts/ Python validators + shell utilities
│ └── settings.json
├── tasks/ Task templates
├── packages/
│ ├── create-meowkit/ Scaffold CLI (npm)
│ └── meowkit/ Runtime CLI (npm as mewkit)
├── scripts/ Release automation
├── website/ VitePress documentation
├── CLAUDE.md Entry point for Claude Code
├── .releaserc.cjs Semantic release config
└── .github/workflows/ CI/CD (release, beta, PR validation)
Releasing
See RELEASING.md for the complete release guide — manual steps, CI/CD automation, troubleshooting.
Development
npm install # Install dependencies
npm run build # Build both packages
npm test # Run tests
npm run lint # Lint
npm run typecheck # Type check
License
MIT
Inspiration
- gstack — Skills, review patterns, ship workflow
- antigravity-kit — Clean code standards, vulnerability scanning
- aura-frog — Agent detection, workflow orchestration
- claudekit-engineer — Cook/fix pipelines, release model
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi