support-to-repro-pack
v1.0.0Convert support tickets, logs, and screenshots into sanitized, reproducible engineering issue packs
⭐ 2· 60·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the codebase: there is a deterministic Python backend (redactor, parsers, extractors, packager, CLI) that implements PII redaction, log parsing, stack-trace extraction, facts/timeline extraction and packaging. The SKILL.md instructions to run the Python tools (python -m repro_pack ...) align with the packaged CLI and pipeline.
Instruction Scope
SKILL.md tells the agent to read user-provided files (tickets, log paths, screenshots), save pasted text to temp files, run the CLI tooling, and produce outputs. Reading files and running local tools is expected for this task. One gap: SKILL.md instructs explicit image processing/OCR ("extract all visible text" from screenshots) but the visible Python modules in the manifest don't show an OCR/image-processing dependency or implementation (e.g., pytesseract, PIL, or a vision module) — either these files are among the truncated ones or the agent is expected to use platform vision capabilities. Confirm how screenshots are handled before relying on automatic image OCR.
Install Mechanism
No install spec in the registry (instruction-only skill) but the repo includes a Python package and SKILL.md asks to pip install -e /path/to/support-to-repro-pack. That is reasonable for local use, but there's no remote release host or package publisher declared; you must install from a local path. No external download URLs or installers were present in the provided manifest.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code itself scans for many PII patterns (AWS keys, JWTs, Stripe keys, etc.) which is appropriate for a redaction tool. There are no declared credentials or unrelated environment access requests.
Persistence & Privilege
Flags: always is false and model invocation is allowed by default. The skill does not request permanent system-wide presence or modify other skills. It writes output files and a validation report in the specified output directory — this is expected behavior for a packager.
Assessment
This package looks coherent for converting tickets/logs into sanitized repro packs, but check these before installing/using: 1) Verify screenshot/OCR handling — SKILL.md expects image text extraction but the visible code lacks an OCR dependency; confirm how images will be processed and whether platform vision features or extra libraries are required. 2) Install from a trusted local copy (pip install -e /path) rather than running arbitrary remote installs. 3) Run the CLI in audit mode (repro-pack redact --audit) and review 8_redaction_report.json to validate that sensitive fields are detected and replaced; do not assume 100% coverage — test with representative samples. 4) Inspect omitted/remaining files (the manifest truncated 41 files) for any network calls or unexpected endpoints before running on sensitive data. 5) Use an isolated environment (virtualenv/container) when processing sensitive logs/secrets, and avoid uploading raw inputs to third-party services. 6) Confirm template paths and that the .claude/skills templates referenced by the renderer exist in your deployment layout so rendering works as expected.Like a lobster shell, security has layers — review code before you run it.
latestvk97esdcwv60ytrjrr0f36zxaxx83qpq0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.