Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PUA Debugging (日本語)
v1.0.0企業PUA話術と構造化デバッグ方法論で徹底的な問題解決を強制する。発動条件:タスクが2回以上失敗、「できません」と言いかける時、ユーザーに手動対応を勧めようとする時、未検証で環境のせいにする時、同じ方案の微調整ループ、受け身な行動(検索しない/読まない/検証しない/待っている)、ユーザーの苛立ち('もっと頑張れ'...
⭐ 0· 208·0 current·0 all-time
by@tanweai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name and description (aggressive/structured debugging and motivation) align with the instructions: the SKILL.md repeatedly directs the agent to investigate, read error contexts, search docs/issues, and validate fixes — all coherent for a debugging/motivation tool. The skill requests no unrelated binaries, env vars, or installs.
Instruction Scope
The instructions tell the agent to autonomously run searches, read source/context (e.g., "前後50行"), inspect dependencies, execute verification commands (curl/tests), and to always investigate before asking the user. Those actions are reasonable for debugging, but the skill: (1) applies to "全タスクタイプ" (not only technical debugging), (2) gives no limits on which files/paths or external tools may be accessed, and (3) pressures the agent to avoid asking questions and use coercive phrasing. This creates a high risk of unintended access to private files, over-broad system/network access, context harvesting, or generating abusive responses.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. Nothing will be written to disk by the skill package itself.
Credentials
The skill declares no environment variables or credentials (proportionate). However, the runtime guidance expects the agent to use available tools (search, file read, command execution, network checks). Because those tools can access sensitive data or require credentials, the skill should explicitly limit which resources the agent may touch; currently it does not.
Persistence & Privilege
always:false and user-invocable are appropriate. The skill does not request persistent privileges or modify other skills. Note: autonomous invocation is allowed by default (disable-model-invocation:false) — combine that with the skill's broad instructions and it could be triggered in contexts where the user did not expect aggressive investigation; consider limiting invocation scope.
What to consider before installing
This skill is coherent with a forceful debugging coaching purpose, but it carries real risks. Before installing, consider: (1) Limit scope — restrict the skill to technical/debugging tasks only and enumerate allowed repo/paths and tools it may use. (2) Require explicit, per-task consent before reading files, executing commands, or making network requests. (3) Add guardrails to forbid abusive/harassing language and to require polite phrasing. (4) Log/confirm actions that access user files or external services so a human can audit them. (5) If you operate in a sensitive environment, do not enable autonomous invocation without strong role/permission checks. If the publisher can provide a version that narrows scope and documents exactly which tools and paths the skill may access, re-evaluate; as-is, proceed with caution.Like a lobster shell, security has layers — review code before you run it.
latestvk97ektv9p78gdgkvt1rbymkva182s0jk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.