Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw故障排除工具
v1.1.0OpenClaw常见问题解决方案技能。提供自动化诊断、错误修复和性能优化功能。
⭐ 0· 679·7 current·9 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the included scripts and SKILL.md: the package contains a troubleshooter implementation, examples, a requirements.txt, and a version-updater. The features described (diagnose system, fix dependencies/permissions, workspace checks, performance hints, publish) are implemented or referenced by the code and docs. Some platform-specific paths (e.g., /opt/homebrew/lib/node_modules/openclaw) and the computed project/workspace path logic are present but are explainable by the intended deployment under ~/.openclaw/workspace.
Instruction Scope
The SKILL.md directs users/agents to run local Python scripts that perform filesystem inspection and remediation (checking workspace directories, stats, reading package.json, installing Python packages, modifying skill files, and publishing via the clawhub CLI). Those actions are within the stated scope (diagnosis and repair) but are impactful: running the skill can install packages, change files, and invoke the clawhub CLI to publish. The instructions do not ask for unrelated secrets or to contact unknown external endpoints.
Install Mechanism
There is no external install script; this is an instruction-plus-code package. Dependencies are declared in requirements.txt (standard PyPI packages). No downloads from untrusted URLs or archive extraction are present. The update/publish script invokes the 'clawhub' CLI (expected for publishing) but that requires the user to have that tool and credentials already.
Credentials
The skill requests no environment variables or credentials in metadata. The runtime code reads local filesystem paths (workspace, custom-skills, package.json) and will call pip to install packages and clawhub to publish. Those are proportional to the troubleshooting/publishing purposes. No hardcoded secret tokens or unrelated cloud credentials are requested.
Persistence & Privilege
always is false and the skill does not request forced persistence. The update_version script does modify a local skill file and can invoke publishing, which is expected for a package maintainer tool. The skill does not appear to modify other skills' configuration or system-wide agent settings beyond its own files.
Assessment
This package appears coherent with its stated purpose, but it performs impactful local operations: it will inspect your OpenClaw workspace, run pip to install missing Python packages, modify local skill files (update_version writes the skill file), and can invoke the 'clawhub' CLI to publish. Before installing or running: 1) review the scripts (openclaw_troubleshooting.py and update_version.py) yourself to confirm paths and behaviors; 2) back up your ~/.openclaw/workspace and important files; 3) do not run as root — run under a normal user account; 4) ensure you trust or have installed the clawhub CLI and its credentials before allowing publishing actions; 5) consider running first in an isolated environment (container or VM) if you are unsure. The code has some minor quality oddities (duplicate function definition, somewhat fragile permission checks), but these look like implementation issues rather than malicious intent.Like a lobster shell, security has layers — review code before you run it.
OpenClawvk97akh0kf8hrp4nwgv5bgf7wvx81fs5ddependency-checkingvk97akh0kf8hrp4nwgv5bgf7wvx81fs5dlatestvk9752jnkhxs0w49h5jz7aq86en81g9gtpermission-repairvk97akh0kf8hrp4nwgv5bgf7wvx81fs5dsystem-diagnosisvk97akh0kf8hrp4nwgv5bgf7wvx81fs5d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3