Bug Fix Protocol

v1.0.0

Structured protocol for fixing bugs with AI agents. Prevents hallucinations and fix loops by enforcing step-by-step diagnosis before code changes.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the content: an 8-step, testing-first protocol for bug fixes. Nothing in the skill requires unrelated resources (no env vars, binaries, or installs). The guidance (write failing test, find root cause, patch tests) is appropriate for the claimed purpose.
Instruction Scope
SKILL.md contains procedural guidelines and templates only; it does not instruct the agent to read arbitrary files, exfiltrate data, call external endpoints, or run specific system-level commands. All referenced actions (writing tests, running suites, making PRs) are consistent with debugging workflows.
Install Mechanism
No install spec and no code files—there is nothing to install or run on disk. This minimizes on-disk risk and is proportionate to an instruction-only skill.
Credentials
The skill declares no required environment variables, credentials, or config paths. The actions it recommends (running tests, patching test system, creating PRs) would in practice require repository/CI access, but the skill itself does not request those—this is proportionate and expected.
Persistence & Privilege
always is false and there are no install hooks. The skill can be invoked autonomously by models (platform default), which is normal; nothing in the skill asks for persistent agent privileges or to modify other skills.
Assessment
This skill is an instruction-only checklist (no code, no installs, no secret requests) and appears coherent and low-risk as-is. Before enabling it for an agent, consider the operational consequences: the protocol expects the agent to run tests, modify code, and open PRs—so you must decide what repository/CI/runner access the agent will have. If you grant the agent repo or CI tokens, follow least privilege: scope tokens narrowly, prefer ephemeral tokens, require human review/approval for merges, enable logging and CI job isolation, and avoid giving broad org-level credentials. Also confirm your CI/test environment is safe to run untrusted changes (e.g., sandboxed runners). If you want to be extra cautious, require the agent to only produce patch suggestions (diffs/PRs) and prevent automatic commits or merges without a human operator.

