Bugfix Workflow
v1.0.0BUG 修复工作流。当用户报告 bug、错误、异常行为、功能不符合预期时使用。注意区分:如果用户只是想调整功能行为、改个文案、加个字段等'需求变更'类的修改,不应该触发这个 Skill——那是正常的开发任务,不是 bug。真正的 bug 是'代码的行为与需求/设计不符'。
⭐ 0· 84·1 current·1 all-time
byp1866@cping6
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (bug-fix workflow) matches the SKILL.md: it describes triage, reproduction, root cause analysis, minimal fixes, testing, and report generation. The files referenced (specs/PROJECT-CONTEXT.md, docs/, assets/bugfix-report-template.md) are coherent with a repo-scoped debugging workflow.
Instruction Scope
Instructions are narrowly scoped to project files, tests, and the provided report template. They recommend using project tests and tools (unit tests, Playwright, Supabase queries) but do not instruct reading unrelated system files or exporting data externally. Note: SKILL.md references Playwright MCP and Supabase MCP — these are expected testing/data tools but the skill does not declare how to obtain credentials or invoke remote endpoints.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written by an installer, which minimizes risk.
Credentials
The skill requests no environment variables, binaries, or credentials. References to test tools (Playwright, Supabase) are reasonable for verification steps but the skill does not ask for tokens or secrets.
Persistence & Privilege
always is false and model invocation is normal (not disabled). The skill does not request persistent system-wide changes or access to other skills' configs.
Assessment
This skill is internally consistent and appears safe as an instruction-only bug-fix checklist. Before installing or allowing an agent to execute it, verify: (1) the agent's runtime has no unchecked access to your repo or production secrets — tests can execute code and may access resources; (2) if you expect Playwright or Supabase validation, ensure those tools and any required credentials are provisioned intentionally and scoped with least privilege; (3) confirm the agent cannot autonomously push commits or create releases unless you explicitly want that. If those controls are in place, this skill can be used as a developer workflow template.Like a lobster shell, security has layers — review code before you run it.
latestvk9715bzffsjxvxy9v7qepw4pcx83kg1f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.