agent-error-logger-new
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a coherent local error-log memory skill, with the main cautions being persistent stored logs and manual GitHub publishing credential examples.
This skill appears safe to use for local error logging if you are comfortable with persistent workspace memory. Avoid recording secrets in error logs, review stored logs periodically, verify the real installation source, and do not paste GitHub tokens directly into command-line URLs.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Following the placeholder literally or substituting an unverified repository could lead to installing the wrong code.
The manual install instructions point to a placeholder repository rather than a concrete verified source. This is a provenance note, not evidence of malicious runtime behavior.
git clone https://github.com/YOUR_USERNAME/agent-error-logger.git
Install only from a verified ClawHub package or a known repository, and update metadata/docs with the real source URL.
If error logs contain secrets, private task details, or prompt-like instructions, those details may be resurfaced or influence future behavior.
The skill intentionally stores long-term error memory and retrieves it before later tasks, so logged content can shape future agent responses.
workspace/memory/ ... error-patterns.md # 错误模式索引(长期) ... 主动提醒: 新任务前检索相似错误,提前预警
Keep log entries factual, avoid storing secrets, periodically review/delete old logs, and treat retrieved log content as untrusted context.
A leaked PAT could allow unwanted GitHub actions within the token's granted scope.
The publishing guide shows a GitHub Personal Access Token embedded directly in a command URL, which can expose the token through shell history or process logs.
git push https://YOUR_USERNAME:YOUR_PAT@github.com/KoonChaoSo/agent-error-logger.git main
Use GitHub CLI authentication or a credential manager instead of placing tokens directly in command lines; if a token is needed, use a minimally scoped short-lived token.