ClawHub

Shadows Bug Hunter

v1.1.0

Structured debugging with 4 techniques — Log Injection, Screenshot Analysis, Manual Trace, Test-Driven Fix. Use when facing errors, broken UI, regressions, o...

0· 226·0 current·0 all-time
by@nakedoshadow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description are a debugging protocol; required binary (git) and optional test runners (pytest/jest/vitest) match the declared techniques. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to read repository files, run 'git log', temporarily inject debug statements into source files, execute project test suites, and then remove injected debug code. These actions are within the scope of a debugging skill, but they do include modifying files and executing repository code (the document explicitly warns to sandbox untrusted repos). The cleanup step is explicit but relies on the agent actually performing the verification and on a correct list of modified files.
Install Mechanism
No install spec (instruction-only). No downloads or package installs — lowest-risk install posture.
Credentials
No environment variables, credentials, or config paths are requested. The optional detection of test runners is local to the repository and matches the skill's purpose.
Persistence & Privilege
always is false, the skill does not request persistent presence or modify global agent settings. It does modify repository files temporarily as part of debugging, which is expected behavior and documented.
Assessment
This skill appears to do what it says: it reads your repo, may inject temporary debug prints into source files, and can run your project's tests. Those are normal debugging actions but can be dangerous on untrusted code (tests execute arbitrary repository code). Before using: ensure you run it only on trusted repositories or inside a sandbox/container, have a clean git working tree and backups, review any injected changes before committing, and verify the 'cleanup' step happened (inspect diffs). If you cannot or will not sandbox test execution, avoid triggering Technique 4 (Test-Driven Fix).

Like a lobster shell, security has layers — review code before you run it.

latestvk976eyfsawa8y0fn5xwehdwc2d82e3a1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐛 Clawdis
OSmacOS · Linux · Windows
Binsgit

Comments