error-detective

Pass

Audited by ClawScan on May 5, 2026.

Overview

This is an instruction-only debugging helper with no install or credentials, though its example code should be reviewed before reuse because it reads source snippets and can send derived metrics.

This skill appears safe to install as an instruction-only debugging aid. Be careful when sharing production logs, stack traces, or source snippets with any debugging assistant, and review the reference code before copying it into a real project.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user copies and runs the example without safeguards, stack-trace paths could cause local source-code snippets to be read and included in reports.

Why it was flagged

The markdown example shows code that reads a file named by a stack frame and includes nearby source context. This is aligned with debugging, and it is not installed or automatically run by the skill, but copied implementations should constrain file paths.

Skill content

const source = await this.loadSourceCode(frame.fileName); ... enhanced.context = lines.slice(start, end);

Recommendation

If implementing this example, restrict reads to the intended project workspace, validate stack-frame paths, and ask before including source snippets in output.

What this means

If implemented, debugging metadata may be sent to a configured metrics service.

Why it was flagged

The example uses a configurable metrics endpoint and appears to send derived investigation metadata rather than raw logs or code. This is not active skill behavior, but it is an external data flow to review if reused.

Skill content

this.metrics = new MetricsCollector(config.metricsEndpoint); ... this.metrics.track('error.investigated', { pattern: pattern?.name, rootCause: rootCause.type, solutionsFound: solutions.length, });

Recommendation

Document the metrics destination, minimize telemetry fields, avoid sending stack traces or source snippets unless explicitly approved, and allow telemetry to be disabled.