error-detective

Pass

Audited by VirusTotal on May 5, 2026.

Overview

Type: OpenClaw Skill
Name: ah-error-detective
Version: 1.0.0

The skill bundle provides a framework for error analysis that includes high-risk capabilities such as reading arbitrary files from the local filesystem and collecting system-level metrics. Specifically, the TypeScript code in 'references/examples.md' uses 'fs.readFile' to load source code and source maps based on stack trace data without apparent path sanitization, and it includes a 'MetricsCollector' designed to exfiltrate data to a configurable external endpoint. While these functions align with the stated debugging purpose, they provide a significant surface for unauthorized file access and data exfiltration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user copies and runs the example without safeguards, stack-trace paths could cause local source-code snippets to be read and included in reports.

Why it was flagged

The markdown example shows code that reads a file named by a stack frame and includes nearby source context. This is aligned with debugging, and it is not installed or automatically run by the skill, but copied implementations should constrain file paths.

Skill content
const source = await this.loadSourceCode(frame.fileName);
...
enhanced.context = lines.slice(start, end);

Recommendation

If implementing this example, restrict reads to the intended project workspace, validate stack-frame paths, and ask before including source snippets in output.

What this means

If implemented, debugging metadata may be sent to a configured metrics service.

Why it was flagged

The example uses a configurable metrics endpoint and appears to send derived investigation metadata rather than raw logs or code. This is not active skill behavior, but it is an external data flow to review if reused.

Skill content
this.metrics = new MetricsCollector(config.metricsEndpoint);
...
this.metrics.track('error.investigated', {
  pattern: pattern?.name,
  rootCause: rootCause.type,
  solutionsFound: solutions.length,
});

Recommendation

Document the metrics destination, minimize telemetry fields, avoid sending stack traces or source snippets unless explicitly approved, and allow telemetry to be disabled.