OpenClaw Skill Debugger

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent debugging helper for OpenClaw skills; it runs local inspection scripts and has some under-declared tool dependencies, but there is no evidence of malicious behavior.

This skill appears safe for its stated purpose. Before installing or using it, note that it runs local shell scripts to inspect a chosen skill directory, so target only directories you intend to debug, and use an isolated environment for untrusted skills.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If pointed at the wrong directory, the agent may inspect files outside the intended skill project and show matching content or dependency information in the session.

Why it was flagged

The skill instructs use of local shell helper scripts on a user-provided path. This is expected for a debugger, but the path controls what local files are inspected.

Skill content

Execute `scripts/check-hardcoded-paths.sh <caminho-da-skill>` ... execute `scripts/verify-dependencies.sh <caminho-da-skill>`

Recommendation

Run the scripts only on the specific skill directory being debugged, preferably in an isolated workspace when analyzing untrusted skills.

What this means

The skill may fail or behave inconsistently on systems that do not already have the expected command-line tools installed.

Why it was flagged

The script depends on ripgrep and other shell utilities, while the registry requirements declare no required binaries. This is an operational dependency declaration gap rather than evidence of unsafe behavior.

Skill content

rg -n "^/([a-zA-Z0-9_-]+/)+" "$SKILL_PATH" $EXCLUDE_DIRS

Recommendation

Declare bash/ripgrep and other required utilities in metadata, or document clear installation prerequisites.