ClawHub

Log Anomaly Detector

v1.0.0

智能实时分析日志文件,识别错误、警告、安全威胁和性能问题,并提供异常检测与优化建议。

0· 564·1 current·1 all-time
by@honestqiao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (log anomaly detection) align with the triggers, SKILL.md, and skill.yaml. The skill does not request unrelated binaries, environment variables, or config paths.
Instruction Scope
SKILL.md and skill.yaml describe analyzing log text and pattern-matching for errors, warnings, performance and security keywords — this stays within the stated purpose. The JavaScript pseudo-implementation is embedded in skill.yaml but is incomplete (calls extractTimestamp which is not provided) and has a correctness issue: the regexes use the global flag (/g) while using RegExp.test inside a loop, which can produce intermittent misses because .test with /g is stateful. These are quality/robustness problems, not evidence of malicious behavior. The instructions do not direct reading arbitrary system files or exfiltration.
Install Mechanism
No install spec and no code files to be written or downloaded; instruction-only skills are lower risk from installation perspective.
Credentials
The skill does not request any environment variables, credentials, or config paths — proportional for an analysis-only helper.
Persistence & Privilege
always:false and normal invocation settings. The skill does not request persistent system privileges or modify other skills' settings.
Assessment
This skill appears coherent for log analysis and does not request credentials or installs, but exercise normal caution: logs often contain sensitive data (PII, credentials, tokens). Before using, verify how your agent will supply logs — avoid sending raw production logs to third-party services or models. If you intend to run the JavaScript example, note it is incomplete (extractTimestamp undefined) and has a regex /g state bug; fix those issues and sanitize logs to remove secrets before use. If you need higher assurance, ask the maintainer for a complete, signed implementation or run the logic locally in a sandbox with non-sensitive sample logs.

Like a lobster shell, security has layers — review code before you run it.

analysisvk9776gdf4y93zmj9yacpg5pyp581jqy1latestvk9776gdf4y93zmj9yacpg5pyp581jqy1logvk9776gdf4y93zmj9yacpg5pyp581jqy1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments