bug-fixing
v1.0.3Zero-regression bug fix workflow: triage → reproduce → root cause → impact analysis → fix → verify → knowledge deposit → self-reflect. Use when: - Feature br...
⭐ 0· 414·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (zero-regression bug-fix workflow) matches the instructions and reference docs: searching code, reproducing bugs, running tests, performing RCA, minimal fixes, and updating knowledge files. The declared lack of required env vars/binaries and absence of install steps is consistent with an instruction-only, repo-scoped troubleshooting workflow.
Instruction Scope
SKILL.md and reference files explicitly direct the agent to read/write project files, run linters/tests (pytest, mypy, npm, ruff), run searches (rg), delete caches (find .pyc, __pycache__), restart processes, gather runtime evidence (screenshots/DevTools traces), and update knowledge/bug-records. These actions are appropriate for bug fixing, but they give the agent broad file-system and execution scope within the project and may touch environment/config files (e.g., .env*) which can contain secrets. The instructions do not direct network exfiltration, but they do permit arbitrary command execution via the 'execute' tool.
Install Mechanism
No install spec and no code files — instruction-only. This is lowest-risk from an install/download perspective; nothing will be written to disk by an installer beyond what the agent itself does at runtime when following instructions.
Credentials
The skill declares no required environment variables or credentials (proportional). However the reference docs and workflow require scanning and possibly reading multiple .env* files and other config files when diagnosing configuration bugs. Access to those files is relevant to the task but can expose secrets; the skill does not request remote credentials or unrelated secrets.
Persistence & Privilege
always:false and normal model invocation are used. The skill does not ask for permanent presence or modify other skills' configs. It does instruct operations that modify local state (writing knowledge files, deleting caches, restarting services), which is appropriate for a bug-fix workflow but should be permitted consciously by the user.
Assessment
This skill appears to do what it says: search the codebase, run tests/linters, clear caches, restart services, and update project docs. Those actions require filesystem access and the ability to run commands. Before enabling: 1) Ensure the agent runs with limited privileges or in an isolated/test environment (so restarts and deletes don't affect production). 2) Remove or vault any secrets from project .env* files you do not want inspected, because the workflow explicitly recommends checking all env files. 3) Require explicit user approval before the agent executes destructive commands (delete files, restart services, run arbitrary shell commands). 4) Review any file edits the agent proposes before committing. If you need stricter controls, run the workflow manually or in CI where you can audit every command.Like a lobster shell, security has layers — review code before you run it.
latestvk97cd4nzpk1vbfrebxg24bthnn82cz65
License
MIT-0
Free to use, modify, and redistribute. No attribution required.