Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
system-repair-expert
v1.0.0提供严格按优先级步骤诊断与解决系统、软件、配置及报错问题,结合记忆匹配、官方文档和多来源验证确保方案高效可靠。
⭐ 0· 1.9k·5 current·5 all-time
by@xqicxx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is titled 'system-repair-expert' and contains step-by-step troubleshooting instructions, web_search and memory_search integrations, and an implementation file that calls web_search. Requested capabilities (internet search, memory lookup) align with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to gather user-provided logs, error text, screenshots, environment info and to consult memory and web search; it explicitly requires user consent before writing or running one-off fix scripts. This scope is appropriate for troubleshooting, but the skill also states it will 'store' the repair process in memory—the implementation (integration.js) does not perform memory writes itself, so there's a small mismatch between written instructions and code behavior.
Install Mechanism
No install spec or external downloads are present; the skill is instruction-only with a small integration.js file. This minimizes disk-write/install risk.
Credentials
The skill does not request any environment variables or secrets. It references using a 'Brave API' via the web_search tool; that is expected to be provided by the platform and so the skill itself not requesting API keys is reasonable. One minor inconsistency: SKILL.md describes storing/updating memory, but the manifest lists memory capabilities as 'memory_recall' and the code does not perform memory writes—confirm whether the runtime will grant memory write access before enabling persistent storage of cases.
Persistence & Privilege
always:false and no indications of modifying other skills or system-wide settings. The skill expects to read user-supplied logs and to use platform search and memory services; this is consistent with a troubleshooting assistant and does not request elevated or persistent agent-wide privileges.
Assessment
This skill appears coherent for a troubleshooting assistant, but check these before installing:
- Confirm how your Clawd platform provides web_search (Brave) and memory services and whether any external API keys are managed by the platform (the skill itself doesn't request keys).
- Confirm whether the skill will persistently store case data in your memory system; SKILL.md says it will store/update memory but the manifest/code don't clearly show memory-write—ask the author or platform what memory permissions will be granted.
- The skill promises to ask for explicit consent before generating or running any repair scripts; be sure the agent prompts you and you never allow script execution without reviewing the script and rollback steps.
- Avoid sending sensitive secrets (passwords, private keys) in logs—provide only the information necessary for debugging.
- If you plan to publish any created skills to a hub, review them for accidental exposure of credentials or hard-coded endpoints.
If you want, I can extract the exact lines that mention memory-write and the lines in the manifest/package.json that differ so you can ask the author specific questions.Like a lobster shell, security has layers — review code before you run it.
latestvk977q4nfdft7d552ee88sc0w4d80f17x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.