Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Version Bug Hunter

v1.0.0

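Query GitHub bug/issue reports for a specific OpenClaw version. When the user wants to: (1) look up bugs/issues for a specific OpenClaw version, (2) read a pitfall guide before upgrading, (3) search version problems reported by the GitHub community, (4) get a version stability assessment, (5) analyze how many severe bugs or regress...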

by Neo Shi @suidge
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the implementation: the script queries GitHub issues/PRs for openclaw/openclaw. This capability legitimately needs gh (GitHub CLI) and network/GitHub auth. However, the skill metadata lists no required binaries while the SKILL.md and script require gh (and the script also uses jq) — a mismatch between declared requirements and actual needs.
Instruction Scope
SKILL.md and scripts limit activity to querying the GitHub repo (gh issue/pr list/view). The instructions do not read unrelated files, exfiltrate data to external endpoints, or request unrelated credentials. They do assume you will run a local script file and use gh-authenticated access to GitHub.
Install Mechanism
There is no install spec (instruction-only with an included script). That minimizes installer risk. The SKILL.md references ClawHub and a GitHub repo, but no arbitrary download/install steps are defined in the bundle itself.
Credentials
The skill declares no required environment variables, but requires gh CLI which in turn uses stored GitHub credentials (gh auth) or environment tokens. The script also uses jq but this is not documented in the dependency list. The absence of declared binary/env requirements is an inconsistency you should verify before running.
Persistence & Privilege
The skill is not marked always:true and does not request elevated/system-wide privileges. It does not modify other skills or system configuration. Autonomous invocation is allowed by platform defaults but not exceptional here.
What to consider before installing
This skill appears to do what it says (search GitHub issues/PRs for a given OpenClaw version), but the package metadata omits required tools. Before installing/running: (1) inspect the included scripts yourself (you already have bug-hunt.sh) to confirm no unexpected behavior; (2) ensure gh and jq are installed and that you understand gh will use your GitHub credentials (check gh auth status and scopes); (3) run the script in a safe context (e.g., a terminal where you can review output) or a sandbox if you're cautious; (4) verify the upstream repo/author (SKILL.md references a GitHub URL) before trusting automated installs. The main issues are documentation/metadata gaps (undeclared dependency on jq and missing binary requirement), not obviously malicious code.

Like a lobster shell, security has layers — review code before you run it.

latest vk97b1sbv9am33815bkyv5rdn3984mdes
69 downloads
0 stars
1 version
Updated 1w ago
v1.0.0
MIT-0

OpenClaw Version Bug Hunter

Author: Initiated by Neo Shi and executed by 银月
License: MIT

Quick start

# Query bug reports for a specific version
~/.openclaw/workspace/skills/openclaw-version-bug-hunter/scripts/bug-hunt.sh 2026.4.9

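Features

This skill wraps the GitHub CLI (gh) to automatically search and categorize issue reports in the official OpenClaw repository that relate to a specific version.

Output

  1. 🔴 Critical - bugs that cause crashes, data loss, or system instability
  2. 🟠 Regression - features that worked in an earlier version and fail in the current one
  3. 🟡 General Bugs - other bug reports
  4. 📊 Statistics - number of open/resolved issues
  5. ✅ Fix status - list of merged fix PRs

Severity rules

See references/severity-rules.md for the detailed rules (loaded on demand).

Quick reference

  • Critical: crashes, data loss, security vulnerabilities, infinite loops
  • Regression: issues carrying the regression label
  • General: issues labeled bug that are not critical/regression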

Use cases

Avoiding pitfalls before an upgrade

# Before upgrading to v2026.4.9
bug-hunt.sh 2026.4.9

Sample output:

### 🔴 Critical / 严重问题
- #64745: macOS 2026.4.8 app causes infinite self-replication...

### 🟠 Regression / 回归问题
- #64552: Severe Performance Regression - 30-60 Second Delay...
- #64636: Version 2026.4.9 ignore the system environment proxy...

### 📊 统计信息
- 未解决 issues: 25
- 已解决 issues: 8

Comparing two versions

# Compare v2026.4.8 and v2026.4.9
bug-hunt.sh 2026.4.8
bug-hunt.sh 2026.4.9

Checking known issues in the current version

# First check the current version with openclaw status
openclaw status | grep "app"

# Then query the bugs for that version
bug-hunt.sh 2026.4.8

Dependencies

  • GitHub CLI (gh) - must be installed and authenticated
  • Bash - runtime environment for the script

Checking dependencies

# Check that gh is installed
gh --version

# Check that it is authenticated
gh auth status
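
The two checks above can be combined into one preflight pass. The script below is an added example, not part of the skill's own scripts; it also checks for jq, which the security scan on this page reports bug-hunt.sh uses, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not part of the skill: preflight before running bug-hunt.sh.
# Function names are hypothetical.

# Print every named binary that is not on PATH, one per line.
# Returns 0 when all are present, 1 when at least one is missing.
missing_bins() {
  local bin rc=0
  for bin in "$@"; do
    if ! command -v "$bin" >/dev/null 2>&1; then
      printf '%s\n' "$bin"
      rc=1
    fi
  done
  return "$rc"
}

# Say where gh will take its token from. GH_TOKEN, then GITHUB_TOKEN,
# take precedence over credentials stored by `gh auth login`.
token_source() {
  if [ -n "${GH_TOKEN:-}" ]; then
    echo "env:GH_TOKEN"
  elif [ -n "${GITHUB_TOKEN:-}" ]; then
    echo "env:GITHUB_TOKEN"
  else
    echo "stored"
  fi
}

# Exit codes: 0 ready, 1 tool missing, 2 gh not authenticated.
preflight() {
  local missing
  if ! missing=$(missing_bins gh jq); then
    echo "missing tools: $(printf '%s' "$missing" | tr '\n' ' ')" >&2
    return 1
  fi
  echo "token source: $(token_source)"
  # Prints the account and token scopes so they can be reviewed.
  if ! gh auth status; then
    echo "not authenticated; run: gh auth login" >&2
    return 2
  fi
}

# Run the check only when asked, e.g.: bash preflight.sh --check
if [ "${1:-}" = "--check" ]; then
  preflight
fi
```
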

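Interpreting the output

Upgrade recommended ✅

  • Critical issues: 0
  • Regression issues: 0-1 (non-blocking)
  • A merged fix PR exists

Upgrade with caution ⚠️

  • Critical issues: 1-2 (but with a workaround)
  • Regression issues: 2-5
  • No fix PR yet

Hold off on upgrading ❌

  • Critical issues: 3+
  • Regression issues: 5+ (affecting core functionality)
  • A concentrated burst of community reports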

Advanced usage

Searching by label

# Search regression only
gh issue list --repo openclaw/openclaw --label regression --search "2026.4.9"

# Search Critical only
gh issue list --repo openclaw/openclaw --label Critical --search "2026.4.9"

Viewing issue details

gh issue view 64552 --comments

Exporting to Markdown

bug-hunt.sh 2026.4.9 > bug-report-2026.4.9.md

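Limitations

  1. Requires gh CLI authentication - unauthenticated users cannot access the GitHub API
  2. API rate limits - 60 requests per hour for unauthenticated users, 5000 once authenticated
  3. Search precision - relies on GitHub's search algorithm and may miss issues that do not explicitly mention the version number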

Troubleshooting

Problem: gh: command not found

Solution: install the GitHub CLI

# macOS
brew install gh

# Verify
gh --version

Problem: gh: not authenticated

Solution: authenticate with GitHub

gh auth login

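Problem: too few search results

Cause: the issue title/body does not explicitly mention the version number

Solution: search by keyword manually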

gh issue list --repo openclaw/openclaw --label bug --search "v2026.4.9 OR 2026.4.9 OR 2026.4.8"

Related files

  • scripts/bug-hunt.sh - core search script
  • references/severity-rules.md - severity rules (detailed version)

Release channels


Note from 银月: this skill is designed for OpenClaw users, to help everyone steer clear of known pitfalls before upgrading~🌙
