Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
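AI Agent Introspection Debugging Framework
v1.1.0
AI Agent Introspection Debugging Framework - gives AI agents self-diagnosis and automatic repair capabilities. Used for capturing errors, root cause analysis, automatic repair, and report generation.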
⭐ 0· 232·0 current·0 all-time
by steve xia @danihe001
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (introspection + auto-repair) align with the shipped code and SKILL.md: the module captures global errors, analyzes root causes, writes files, fixes permissions, and installs missing modules — all expected for an auto-debugger.
Instruction Scope
SKILL.md instructs importing and instantiating the module and lists features (global capture, auto-fix). That matches the implementation, but the runtime behavior has broad side effects (registers process-level uncaughtException/unhandledRejection handlers and attempts automatic fixes) that the README does not tightly constrain (for example: when auto-fix runs, whether user confirmation is required, or limits on what paths/commands it will act on).
Install Mechanism
This is an instruction-only skill with a code file and no install spec — nothing is downloaded or installed at skill install time. Risk comes from runtime operations (the code invokes shell commands and npm install when fixing).
Credentials
The skill requests no environment variables, which is appropriate, but it executes shell commands derived from parsed error messages (e.g., `chmod +x "${filePath}"`, `npm install ${moduleName}`). If error messages or workspace contents are attacker-controlled, these operations could lead to command injection, arbitrary package installation, or unwanted filesystem changes. There is no declared limit or sanitization visible in the provided code excerpt.
Persistence & Privilege
always:false and user-invocable:true — normal. The skill does, however, register global process handlers when instantiated, so simply requiring/constructing it will alter process-wide behavior; that's coherent with its purpose but important to be aware of.
What to consider before installing
This skill does what it says (auto-diagnose and auto-fix), but it performs filesystem writes, chmods, and runs shell commands (including npm install) based on parsed error messages. Before installing or using it: (1) Review the full source for helper functions not shown here (extractFilePath, extractModuleName, execAsync, ensureDir) to confirm they properly validate and sanitize inputs; (2) Do not enable auto-fix in environments that process untrusted inputs — prefer notificationHook + manual confirmation; (3) Run the module in a restricted workspace/least-privilege container or sandbox until you vet it; (4) Consider removing or disabling automatic npm installs and any shell execs, or require explicit human approval for fixes; (5) If you need higher assurance, request the complete (untruncated) source for review so we can check for command injection, remote endpoints, or hidden network calls.
introspection-debugger.js:485
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
error-handling, introspection, latest, self-healing
Runtime requirements
🧠 Clawdis
