ClawHub

Confucius Debug

v2.0.2

AI debugging assistant that never repeats a mistake. Searches the YanHui Knowledge Base (6,800+ scraped issues, 980+ imported solutions) for instant fixes, o...

0· 1k·5 current·5 all-time
bytkman@sstklen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (debugging backed by a knowledge base) align with the declared requirements: curl/jq are used to call the api.washinmura.jp endpoints and CONFUCIUS_LOBSTER_ID is used as an identity/attribution field. No unrelated binaries, cloud credentials, or config paths are requested.
Instruction Scope
SKILL.md instructs searching the KB first and using analyze/escalate/contribute endpoints. The shipped scripts implement search and analyze and do not automatically read files or system state. However, the documented 'escalate' flow asks users to submit environment, logs, and project structure — which can include sensitive data if the user provides it. The skill does not auto-exfiltrate data, but it explicitly encourages users (manually) to send potentially sensitive context when escalating.
Install Mechanism
No install spec; skill is instruction-only with two small bash scripts. This is low-risk: nothing is downloaded or extracted at install time.
Credentials
Only one env var is required: CONFUCIUS_LOBSTER_ID, which the scripts use as an identifier. That is proportionate. Caution: the skill's escalate/contribute endpoints expect environment and logs from the user — those may contain secrets if included by the user. The skill does not request unrelated credentials, but user-provided payloads can leak sensitive info.
Persistence & Privilege
always:false and no install-time persistence or modifications to other skills/configs. The skill does save contributed solutions into the remote KB (a normal side effect of 'contribute'), but it does not demand elevated or persistent local privileges.
Assessment
This skill is coherent for debugging: the scripts simply POST to https://api.washinmura.jp and require a single identifier env var. Before using it, consider: (1) Treat CONFUCIUS_LOBSTER_ID as an identity string (avoid putting a secret or token there). (2) Do NOT include API keys, private keys, passwords, or other sensitive tokens inside logs, stack traces, or project_structure you send via the 'escalate' or 'contribute' endpoints. Prefer using confucius_search (no ID needed) to check the KB without sending context. (3) If you must use analyze/escalate, review what you paste into the payload and redact secrets. (4) If you have doubts about the remote service, inspect network traffic or run the scripts in a controlled environment first. Overall the skill appears internally consistent, but user-provided logs/environment can leak secrets if not carefully redacted.

Like a lobster shell, security has layers — review code before you run it.

aivk974jjmx3dyy3qvhh0gjjtmtzh81w8awconfuciusvk974jjmx3dyy3qvhh0gjjtmtzh81w8awdebuggingvk974jjmx3dyy3qvhh0gjjtmtzh81w8awknowledge-basevk974jjmx3dyy3qvhh0gjjtmtzh81w8awlatestvk97dm4ztsp01hwnh2cw2m7jqg181xbynmcpvk974jjmx3dyy3qvhh0gjjtmtzh81w8aw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Binscurl, jq
EnvCONFUCIUS_LOBSTER_ID
Primary envCONFUCIUS_LOBSTER_ID

Comments