ClawHub

Issue Reproducer

v1.0.0

把 bug 描述整理成可复现步骤、环境、预期与实际结果和最小复现条件。;use for bug, reproduction, qa workflows;do not use for 伪造日志, 忽略用户给出的环境差异.

0· 102·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (issue reproduction / structured brief) align with the included files: a template, spec.json, examples, and a Python script that builds structured reports, audits directories or CSVs, and scans for risky patterns. The single required binary (python3) is proportionate.
Instruction Scope
SKILL.md limits behavior (emphasizes read-only, no fabrication, list missing info) and explicitly suggests running the local script when allowed. The script legitimately reads files/directories (markdown, code, CSV, etc.) to build reports and to search for patterns; this is within scope for an audit/reporting skill. Note: because the script can be pointed at arbitrary paths, it can read local files (including potentially sensitive files) — the SKILL.md and README discourage sending secrets and recommend local-only operation.
Install Mechanism
No install spec; instruction-only skill with a local Python script. No network downloads or package installs are required. This is low risk and consistent with the stated behavior.
Credentials
No environment variables, no credentials, no config paths required. The tool only needs python3 and local file access, which is appropriate for its functionality.
Persistence & Privilege
always is false; the skill does not request permanent/system-wide privileges or modify other skills. It runs locally and does not persist elevated access.
Assessment
This skill appears to do what it says: produce structured reproduction reports and perform optional local audits. Before installing or running it, review the included scripts/run.py (already present) and: 1) run it in a safe directory (avoid pointing it at /, home, or directories with secrets), 2) do not pass sensitive files or credentials as input, 3) if you plan to let an agent invoke the skill autonomously, restrict the allowed input paths or review outputs first (the script can read arbitrary files but does not contact the network), and 4) verify the runtime (python3) and run smoke tests locally. If you need stronger assurance, inspect the remainder of run.py (the provided file was truncated in the listing) or run it in a sandboxed environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk9764t6gkms914x9qma6dw0a3n835vd3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐞 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments