Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Systematic Debugging

v1.0.0

Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (systematic debugging) aligns with the instructions: phased root-cause investigation, pattern analysis, hypothesis testing, and safe implementation. The examples and commands are coherent for debugging tasks. Note: some example commands are macOS-specific (security, codesign) but the skill has no OS restriction.
! Instruction Scope
SKILL.md explicitly instructs the agent to enumerate and print environment variables, run env | grep, inspect keychain state (security list-keychains, security find-identity), and run codesign. These steps read potentially sensitive data and could cause secrets to be output or logged. The instructions also reference other local files (root-cause-tracing.md) and another skill (superpowers:test-driven-development). While these actions are plausibly part of debugging, they expand scope into reading secrets/system state that were not declared or limited.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest install risk — nothing will be written to disk by an installer.
! Credentials
The skill requests no environment variables or credentials in metadata, yet the runtime instructions access and print environment variables (IDENTITY, APP, etc.) and query the OS keychain. That mismatch means sensitive data could be accessed/exposed without explicit consent or declared need.
Persistence & Privilege
always:false and no install actions; the skill is user-invocable and can be called autonomously (normal default). It does not request persistent presence or modify other skills' configs.
What to consider before installing
This skill is plausible and useful for disciplined debugging, but its instructions explicitly read and print environment variables and keychain state — actions that can expose secrets. Before using: (1) only run these diagnostics in a safe environment (not production) or sanitize the examples so they don't echo real secrets, (2) review and remove any commands that print sensitive variables, (3) confirm platform assumptions (codesign/security are macOS-specific), (4) verify the referenced local files/skills exist and are trusted, and (5) if you need to grant access to credentials, prefer doing so explicitly and temporarily rather than letting the skill probe the environment blindly.

Like a lobster shell, security has layers — review code before you run it.

latestvk970j1xzxx54dsdr1b1tdh29yx83kmxk

Runtime requirements

🐛 Clawdis
