ClawHub

Debug Assistant

v1.0.0

AI-powered debugging assistant. Analyze error logs, explain error messages, parse stack traces, and get fix suggestions with cheatsheets for 8 languages. Pow...

0· 90·0 current·0 all-time
by@evolinkai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is described as an AI debugging assistant and the scripts implement that: they read files passed as arguments, build a prompt, and post to api.evolink.ai. Required binaries (python3, curl) are actually used. The single required env var (EVOLINK_API_KEY) is the API credential needed to call the external service.
Instruction Scope
The SKILL.md and scripts explicitly send user-provided content (error logs, messages, code) to api.evolink.ai for AI analysis. The README/SKILL.md declare this. The scripts do not attempt to read arbitrary files or other environment variables beyond EVOLINK_API_KEY and optional EVOLINK_MODEL, and they use temporary files for payload construction (with a trap to remove them). This is scope-appropriate but means you should avoid sending secrets or PII in logs.
Install Mechanism
The package includes an npm installer (bin/install.js) that copies bundled skill-files into a skills/ directory and updates a .clawhub lock. There are no remote downloads or obscure URLs in the install step. Installing via npx will download the npm package from the registry — standard but worth noting because that runs installer code locally.
Credentials
Only EVOLINK_API_KEY is required (EVOLINK_MODEL optional). That single credential directly supports the stated purpose (calling the Evolink API). No unrelated credentials, system tokens, or config paths are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills' configs, and does not persist credentials. Installer writes files into a project-level skills directory and updates a .clawhub lockfile — expected behavior for a skill installer. Temporary payload files are created and removed with a trap on exit.
Assessment
This skill appears to do what it says: AI commands send any logs, error messages, or code you provide to api.evolink.ai using the EVOLINK_API_KEY. Before installing or using it: 1) Do not send secrets, credentials, or sensitive PII in logs or files you submit to the AI endpoint. 2) Review the bundled scripts (scripts/debug.sh) yourself — installing via npx executes installer code locally. 3) Verify the privacy/security policy of evolink.ai if you need guarantees about retention or handling of submitted data. 4) If you need offline analysis, stick to the local info commands (languages, cheatsheet) which do not make network calls. 5) If you want stronger isolation, create a dedicated API key with limited scope (if supported) and rotate it if it is ever exposed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97atsdfrdn56vd8nh01pchpq984hzwk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, curl
EnvEVOLINK_API_KEY
Primary envEVOLINK_API_KEY

Comments