ClawHub

Openclaw Investigate

v1.0.1

Systematic debug and root cause investigation framework (investigate-analyze-hypothesize-verify) that only fixes root causes. Suitable for bug debugging, abn...

0· 139·1 current·1 all-time
by@x-rayluan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (root‑cause investigation) align with the SKILL.md steps (collect symptoms, read code, git log, reproduce, add logs, run tests, write regression tests). However the skill implicitly assumes availability of developer tools (git, grep, test runner) even though required binaries are not declared — this is reasonable for a debugging skill but worth noting.
Instruction Scope
Instructions remain within the debugging domain (read code, inspect git history, run tests, add temporary logs, produce a structured debug report). They instruct the agent to paste command/test output and repository excerpts back to the user — expected for debugging but may surface secrets or sensitive config if present. The SKILL.md does not include guidance to redact secrets or avoid printing credentials.
Install Mechanism
No install spec and no code files — lowest-risk deployment model. Nothing is written to disk or downloaded by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to a debugging/investigation assistant.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges or modify other skills or system configuration. Autonomous invocation is allowed (platform default) but not combined with other concerning factors.
Assessment
This skill appears coherent and low-risk as an instruction-only debugging framework. Before using it, be aware that it will ask you (or will produce) pasted code snippets, git history, stack traces, and test outputs — these can contain secrets (API keys, credentials, tokens, private data). If you plan to let the agent run in a repository: (1) ensure you trust the environment and do not send secrets; (2) consider providing a minimal repro or redacted logs instead of full files; (3) verify developer tools (git, grep, test runner) are available if you expect full functionality; (4) because it can output repository content, review outputs before sharing externally. No install or credentials are required, so installation risk is low.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ysvdqn38qs2p4jjfrrn6fn83ztrn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments