Shadows Bug Hunter

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent debugging skill that clearly discloses its source-code edits and test-running behavior, with no evidence of hidden credentials, persistence, or exfiltration.

This skill appears safe for normal debugging work. Before installing, understand that it may edit your project files and run your repository's tests; review changes before committing and use a sandbox for untrusted code.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may edit source files while investigating and fixing bugs.

Why it was flagged

The skill directs the agent to modify project source files, which is expected for debugging but should be noticed because it can alter the user's repository.

Skill content

Technique 1 (Log Injection) temporarily modifies source files to inject debug statements. All injected code MUST be removed before commit

Recommendation

Review diffs before committing or deploying, and confirm temporary debug logs are removed.

What this means

Tests in the repository may run code with the user's local permissions.

Why it was flagged

The skill may run project tests via pytest, jest, or vitest; this executes repository code, but the behavior is disclosed and directly related to debugging.

Skill content

Technique 4 executes the project's test suite, which runs repository code. Only use on trusted repositories or within a sandboxed environment.

Recommendation

Use this skill on trusted repositories, or run tests in a sandbox when working with unfamiliar code.