gstack Investigate
v1.0.0Provides systematic root cause analysis and verified fixes for bugs or errors using a four-phase debugging process without guessing or premature fixes.
⭐ 0· 153·0 current·0 all-time
byGarry Tan@garrytan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (systematic root-cause debugging) matches the instructions (collect symptoms, read code, reproduce, test hypotheses, implement fixes). The requested operations (git history checks, adding logs, running tests, searching externals) are all coherent with a debugging workflow.
Instruction Scope
The SKILL.md instructs the agent to run commands (e.g., git log), read code, add temporary logging, run the full test suite, and perform external searches after sanitizing data. These are expected for debugging, but the instructions also tell the agent to 'Save the report to memory/' which implies write access to an agent workspace or persistent memory that is not declared elsewhere. It also tells the agent to check 'memory' for prior sessions. These are reasonable for this kind of skill but are not explicitly declared in the metadata.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or executed from untrusted URLs by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which aligns with its non-networked guidance. However, it implicitly requires access to project repositories and test environments (e.g., git, test runners) and the ability to run commands — these runtime capabilities are not listed in requires.binaries or config paths, a minor mismatch between metadata and instructions.
Persistence & Privilege
always:false (not force-included) and model invocation is allowed (platform default). The instruction to save debug reports to memory/ implies the skill will persist artifacts between sessions; this is reasonable for debugging but the metadata did not declare any config paths for persistent storage.
Assessment
This skill is an instruction-only debugging guide and appears to do what it says. Before installing, confirm the agent runtime will (1) have git and any test runners available and (2) be allowed to read the target repository and write to its memory/workspace (the skill tells the agent to save reports to memory/). If you plan to let the agent run tests or modify code, ensure those operations run in a safe environment (not production), and avoid granting it access to credentials or secrets it doesn't need. The SKILL.md advises sanitizing data before external searches — keep that practice. If you need higher assurance, ask the skill author to (a) declare required binaries (git, test tools) and the memory/config paths it will write to, and (b) confirm no network uploads of raw traces or secrets will occur.Like a lobster shell, security has layers — review code before you run it.
latestvk97bwh1y25z6nvwz7m0g6tgnkh8497x1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.