An AI coding assistant for review, debugging, refactoring, and design checks.
The material shows a tool that bundles prompts and user-selected files for a second-model review, with local file selection, session storage, and optional network transmission. Given its open-source nature and very high community adoption, no clear high-risk red flags are evident, but file exfiltration to model providers and local persistence warrant cautious use.
The README explicitly mentions API mode with OPENAI_API_KEY or Azure config, and remote browser mode with a --remote-token. These are not strictly required for all usage, but when configured they are sensitive credentials and should not be exposed in repos, logs, or shared session directories.
The tool supports an API engine, browser engine, and a remote browser host; its core function is to send prompts and selected file contents to a second model or remote browser session. No unrelated or suspicious exfiltration endpoint is stated, but user code/docs do leave the local machine depending on the chosen engine.
The material describes a CLI that runs locally, may start browser/server-related processes, and supports oracle serve listening on a host and port. This is standard execution capability for such tools; no request for unusually dangerous system privileges or code execution unrelated to its stated purpose is evident.
The tool reads files, directories, and globs provided via --file, and stores sessions under ~/.oracle/sessions with ORACLE_HOME_DIR override support. The README also states it honors .gitignore, does not follow symlinks, and filters some directories and large files by default, indicating access is primarily controlled by explicit user selection rather than broad overreach.
The source is an open-source GitHub repository with auditable code and extremely high community adoption (~377k stars), which is strong risk-reducing evidence. No closed-source distribution, abandoned download source, or obvious injection-style wording is apparent; only the undeclared license and unknown maintenance status remain worth verifying.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "oracle" skill from askskill: 1. Download https://raw.githubusercontent.com/openclaw/openclaw/main/skills/oracle/SKILL.md 2. Save it as ~/.claude/skills/oracle/SKILL.md 3. Reload skills and tell me it's ready
Using my selected files, act as a second model to review this refactor plan, identify risks and maintainability issues, and suggest safer improvements.
A risk analysis of the refactor plan, a list of issues, and actionable improvement suggestions.
Inspect the selected code files, analyze the root cause of this error, propose a fix, and provide the smallest possible patch.
An explanation of the error cause, fix steps, and a recommended minimal code change.
Without changing the code directly, do a dry-run evaluation of this feature design change, estimate scope and likely token or resource usage, and highlight what needs validation.
An impact assessment of the design change, resource estimates, and key testing checkpoints.
Oracle bundles a prompt + selected files for one second-model pass. Treat output as advisory; verify against code + tests.
Current CLI default model: gpt-5.5-pro. Browser engine is useful for long ChatGPT Pro runs; API engine is useful when OPENAI_API_KEY or Azure config is ready.
Recommended defaults:
--dry-run summary --files-report--engine browser --model gpt-5.5-pro--engine api --model gpt-5.5--dry-run + --files-report).Help:
oracle --helpnpx -y @steipete/oracle --help (avoid pnpx here; sqlite bindings).Preview (no tokens):
oracle --dry-run summary -p "<task>" --file "src/**" --file "!**/*.test.*"oracle --dry-run full -p "<task>" --file "src/**"Token sanity:
oracle --dry-run summary --files-report -p "<task>" --file "src/**"Browser run (main path; long-running is normal):
oracle --engine browser --model gpt-5.5-pro -p "<task>" --file "src/**"Manual paste fallback:
oracle --render --copy -p "<task>" --file "src/**"--copy is a hidden alias for --copy-markdown.--file)--file accepts files, directories, and globs. You can pass it multiple times; entries can be comma-separated.
Include:
--file "src/**"--file src/index.ts--file docs --file README.mdExclude:
--file "src/**" --file "!src/**/*.test.ts" --file "!**/*.snap"Defaults (implementation behavior):
node_modules, dist, coverage, .git, .turbo, .next, build, tmp (skipped unless explicitly passed as literal dirs/files)..gitignore when expanding globs.--file ".github/**").api when OPENAI_API_KEY is set; otherwise browser.--engine api for Claude/Grok/Codex or multi-model runs.--browser-attachments auto|never|always (auto pastes inline up to ~60k chars then uploads).oracle serve --host 0.0.0.0 --port 9473 --token <secret>oracle --engine browser --remote-host <host:port> --remote-token <secret> -p "<task>" --file "src/**"~/.oracle/sessions (override with ORACLE_HOME_DIR).oracle status --hours 72oracle session <id> --render--slug "<3-5 words>" to keep session IDs readable.--force only when you truly want a fresh run.Oracle starts with zero project knowledge. Assume the model cannot infer your stack, build tooling, conventions, or "obvious" paths. Include:
.env, key files, auth tokens). Redact aggressively; share only what's required.For long investigations, write a standalone prompt + file set so you can rerun days later:
…
Fetch GitHub issues, create fixes, open PRs, and handle reviews.
Convert text to speech locally and offline with sherpa-onnx, no cloud needed.
Regenerate OpenClaw release changelog sections from Git history before releases.
Prepare and verify OpenClaw stable or beta releases and release notes.
Automate web page workflows, login checks, tab handling, and recovery steps.
Verify an OpenClaw release is fully published and working across all channels.
Run a structured code review before commit or release on local or PR branches.
Run multi-model code reviews to surface bugs, security risks, and improvements.
Run multi-model reviews for code changes, PRs, and risky edits.
Simulate a multi-agent engineering team to review code for quality and risks.
Review code or branches for correctness, compatibility, architecture, tests, performance, and security.
Choose and run the safest, cheapest OpenClaw test and validation path.