ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PUA Debugging

v1.0.0

Forces exhaustive problem-solving using corporate PUA rhetoric and structured debugging methodology. MUST trigger when: (1) any task has failed 2+ times or y...

0· 350·5 current·5 all-time
by@tanweai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description promise exhaustive, proactivity-driven debugging; SKILL.md consistently instructs the agent to exhaustively search, read source, run validations and verify fixes. There is no mismatch between claimed purpose and required actions.
!
Instruction Scope
The instructions mandate using platform tools (search, file reads up to 50 lines of source, running tests/curl/commands, isolating environments) and to 'do tools-first, ask-later' before user prompts. While relevant to debugging, this grants the agent broad discretion to access files/execute commands and to probe environments without explicit per-task consent — a privacy and safety risk that should be constrained by runtime policies.
Install Mechanism
Instruction-only skill with no install spec and no code files — low file-system/install risk.
Credentials
Skill declares no env vars/credentials (appropriate). However, it expects access to platform tools (search, file I/O, command execution). Those expectations are plausible for debugging but should be limited to intended scopes and audited, since the skill does not explicitly restrict which files/paths or external services may be contacted.
Persistence & Privilege
always:false (good). The skill allows normal autonomous invocation; combined with its broad tool-use instructions this raises the blast radius if the agent is permitted to act without careful sandboxing or permission prompts.
What to consider before installing
This skill is coherent with a 'force persistence' debugging role but is potentially risky in practice. Before installing: (1) ensure your agent runtime enforces per-skill/tool permissions (limit which files/directories and which system commands it may run); (2) configure explicit consent rules so the agent asks before accessing sensitive paths or sending data externally; (3) test the skill in a sandboxed environment to observe behaviors and tune trigger conditions (it triggers on many user-stated frustrations and failure counts); (4) consider user-experience/ethical impact — the PUA-style rhetoric is aggressive and may be inappropriate for many contexts; (5) monitor logs and be ready to revoke the skill if it reads sensitive data or behaves too aggressively. If you can, ask the publisher for a narrower trigger set or explicit constraints on allowed tool usage.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ex3q9h2kd2qr8cxa3ky6q6582r8r8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments