ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Debug Log Investigator

v1.0.0

Use when diagnosing a failing or confusing Claude Code session by enabling debug logging, tailing recent logs, and explaining warnings or errors.

0· 67·0 current·0 all-time
by@wimi321
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the instructions: diagnosing a session by enabling debug logging, tailing recent logs, and explaining warnings/errors. The skill is instruction-only and doesn't claim functionality beyond log inspection and config cross-checks.
!
Instruction Scope
SKILL.md tells the agent to 'enable debug logging', 'tail recent logs', and 'cross-check config files' but does not specify log or config paths, nor limits on which files may be read or modified. That vagueness gives the agent broad discretion to read or change files outside the intended scope (including potentially sensitive configs or logs) and to modify runtime settings (enable debug) without clear safeguards.
Install Mechanism
No install spec and no code files: the skill is instruction-only so nothing is downloaded or written to disk during install.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for a log-inspection helper, but contrasts with its runtime instructions which imply filesystem/config access that is not explicitly declared.
Persistence & Privilege
always is false and there is no indication the skill changes other skills or global agent settings. However, the instructions do include enabling debug logging which may persist system-level changes depending on how it is performed — the skill does not document whether changes should be temporary or reversible.
Scan Findings in Context
[no-findings] expected: The regex scanner found no code to analyze, which is expected because this is an instruction-only skill. Absence of findings does not guarantee safety — the SKILL.md content is the primary surface to review.
What to consider before installing
This skill appears to do what it says, but before installing or invoking it, confirm where it will read logs and which config files it may access, and whether it will make persistent changes when enabling debug logging. Prefer to: (1) grant only read access to specific log file paths (tailing only), (2) require explicit user approval before toggling debug settings or modifying configs, and (3) review any logs for sensitive data (API keys, tokens, PII) before sharing results. If you cannot constrain file paths or require reversible debug toggling, treat the skill cautiously or run diagnosis manually.

Like a lobster shell, security has layers — review code before you run it.

claude-codevk9784z1y14vwt8b5tszjdjwdz18424vtextractedvk9784z1y14vwt8b5tszjdjwdz18424vtlatestvk9784z1y14vwt8b5tszjdjwdz18424vt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments