Auto Repair Agent

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for error diagnosis and repair, but it includes documented local command execution and persistent learned repair patterns that users should treat carefully.

Install only if you are comfortable with a Node.js helper that can run local commands when invoked. Use it with explicit, trusted commands, avoid teaching it secrets or private logs, and inspect the local learned-patterns file if results start looking unexpected.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user or agent runs an unsafe command through watch mode, it could modify files, run programs, or perform other local actions.

Why it was flagged

The skill can execute a shell command supplied to its watch flow. This is documented and purpose-aligned, but it gives the invoked command the user's local permissions.

Skill content

const out = execSync(command, { encoding: 'utf8', timeout: 60000 });

Recommendation

Only use watch mode with commands you explicitly trust and intend to run; do not pass untrusted text directly into the command argument.

What this means

Bad learned patterns could lead to poor future repair advice, and sensitive error text may be stored locally if users teach it as a pattern.

Why it was flagged

Learned repair patterns are persisted locally and loaded in future runs, so incorrect or sensitive learned entries could influence later diagnoses.

Skill content

const PATTERNS_FILE = '.self-heal-patterns.json'; ... fs.writeFileSync(PATTERNS_FILE, JSON.stringify(custom, null, 2));

Recommendation

Review or delete .self-heal-patterns.json periodically, and avoid learning patterns that contain secrets, tokens, or private error logs.

What this means

Users have less provenance information and may not get an install-time warning that Node.js is needed.

Why it was flagged

The registry metadata gives limited provenance and does not declare the Node.js runtime that the SKILL.md examples require.

Skill content

Source: unknown; Homepage: none; Required binaries (all must exist): none; No install spec — this is an instruction-only skill.

Recommendation

Verify the publisher and review the included JavaScript before use, especially because the skill can run local commands.