debugging
v2.56.0Systematic root-cause debugging with verification. Use when debugging, troubleshooting, or facing errors, stack traces, broken tests, flaky tests, or regress...
⭐ 0· 155·0 current·0 all-time
byIlia Alshanetsky@iliaal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (systematic debugging) matches the provided materials: a detailed SKILL.md with debugging process, references, and a diagnostics script. Nothing requested (no env vars, no binaries, no installs) is extraneous to debugging.
Instruction Scope
SKILL.md stays within debugging scope and explicitly directs using scripts such as scripts/collect-diagnostics.sh to capture environment state. That script collects user, cwd, git metadata (branch, last commit, remote URL), tool versions, detected project files, and a small whitelist of env vars. Those actions are expected for differential/debugging, but they produce privacy-sensitive data (PWD, whoami, git remote) that should be reviewed/redacted before attaching to external bug reports.
Install Mechanism
There is no install spec (instruction-only plus a shell script). Nothing is downloaded or written by an installer; risk from install mechanism is minimal.
Credentials
The skill requests no environment variables or credentials. The diagnostics script prints a limited subset of environment variables only. However, it does capture git remote URLs and filesystem paths which may contain sensitive information (rare cases: embedded credentials in remote URLs). This is proportionate for debugging but sensitive—users should verify output before sharing.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not request persistent privileges or modify other skills or system-wide settings.
Assessment
This skill appears to be what it claims: a debugging aide with a diagnostics script. Before running collect-diagnostics.sh or sharing its output: (1) inspect the script (it is included) so you know what will be captured; (2) run it in a safe context (container, ephemeral VM, or a non-sensitive checkout) if you are concerned about leaking PWD, username, git remotes, or commit metadata; (3) review and redact the generated report before attaching it to external bug trackers (git remote URLs can occasionally contain tokens, and paths/usernames are private); (4) if you need stricter privacy, modify the script to omit or mask fields (e.g., do not print `whoami`, `pwd`, or `git remote get-url`), or run only selected sections. Overall the skill is coherent and low risk, but treat diagnostics output as potentially sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk97efwj5xggvfcevq8z3sjcedh84vtn8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.