Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Self Repair
v1.0.0Automatically captures runtime errors, analyzes root causes, generates and applies fixes, and verifies repairs without manual intervention.
⭐ 0· 151·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description (agent self-repair) aligns with the provided scripts and workflow: capturing exceptions, analyzing root cause, generating fixes, and applying them. Creating logs under ~/.openclaw and having scripts to analyze and apply fixes is coherent with the stated purpose.
Instruction Scope
SKILL.md contains concrete runnable scripts that instruct the agent to write/read files under ~/.openclaw, run subprocesses, install packages, restart services, and delete cache. These actions go beyond read-only diagnostics and grant the skill broad discretion to modify system state and install software, with no user confirmation or safety checks described.
Install Mechanism
There is no formal install spec (instruction-only), which reduces packaging risk. However the runtime code instructs on-the-fly installs (pip3 install --break-system-packages), which is effectively an installation mechanism executed at runtime and is high-risk because it can alter system Python packages.
Credentials
The manifest declares no credentials or config paths, but the instructions read/write to ~/.openclaw, suggest using sudo for permission fixes, run 'openclaw gateway restart', and execute pip installs and rm -rf operations. Those capabilities require filesystem and privilege access not disclosed in the metadata and are disproportionate unless the operator explicitly consents and isolates the skill.
Persistence & Privilege
always:false and default autonomous invocation are used (normal), but the skill's scripts persist under ~/.openclaw/workspace and would modify system state. Combined with autonomous invocation this increases blast radius—however 'always:true' is not set and there is no evidence the skill changes other skills' configs.
What to consider before installing
This skill is instruction-only but includes runnable Python scripts that would create files in ~/.openclaw and perform system operations: runtime pip installs (with --break-system-packages), service restarts (openclaw gateway restart), and filesystem deletions (rm -rf cache). Before installing or enabling this skill: 1) verify the skill's source and provenance — the registry shows "unknown" and no homepage; 2) review and test the provided scripts line-by-line in an isolated environment (VM or container) rather than your primary machine; 3) remove or restrict any automatic pip installs and the --break-system-packages flag (prefer virtualenvs or explicit package lists); 4) add explicit user confirmations, dry-run modes, logging/auditing, and limits on what files/paths it can change; 5) do not allow autonomous invocation until you trust the implementation; and 6) request/require additional metadata from the publisher (origin, signing, intended privilege level, test results). The skill contains a few buggy/unsafe patterns (literal '~' not expanded in paths, unsafe delete/command usage, and no input validation) that should be fixed before use.Like a lobster shell, security has layers — review code before you run it.
latestvk973mhkfv0ntfjcx7mqzzek75s83898x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.