OpenClaw Problem Solver自动修复小龙虾
ReviewAudited by ClawScan on May 13, 2026.
Overview
The skill is mostly aligned with OpenClaw troubleshooting, but it needs review because it can proactively run local exec tests based on web results and persist troubleshooting context.
Review the exact commands before allowing this skill to run anything locally, especially exec-based tests or openclaw doctor --fix. Avoid sharing secrets in problem reports, and check what troubleshooting facts the skill saves to memory.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wrong or maliciously influenced search result could lead the agent to run an unsafe local test command before the user has reviewed the exact command and scope.
This directs the agent to run local commands/tests based on externally retrieved material. Local exec is purpose-aligned for troubleshooting, but the artifact does not clearly require explicit approval, sandboxing, or command allowlisting for this initial test path.
**Initial Test:** Proactively call `exec` with an MRE derived from search results.
Require explicit user approval for every exec command, show the exact command and working directory, run only in a temporary/sandboxed project when possible, and avoid executing code copied from search results without review.
Problem descriptions, commands, and solution summaries may remain in memory after the session and influence future answers.
The skill intentionally persists troubleshooting details and session state for future use. This is aligned with its knowledge-creation purpose, but users should know issue details may be retained and reused.
Store the core problem/solution pair as a permanent fact... Update State (`~/proactivity/session-state.md`).
Do not include secrets in bug reports; prefer redacted summaries for memory, and provide a way for the user to review or delete saved troubleshooting memories.
Local profile or identity context may be used while diagnosing an OpenClaw issue.
The skill reads local user-context files to personalize troubleshooting. This appears purpose-aligned, but those files may contain private identity or preference information.
**Action:** Read `USER.md` and `IDENTITY.md`.
Keep sensitive identity details out of these context files or ensure the agent only uses the minimum needed information for the troubleshooting task.