by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears safe from a security/exfiltration standpoint (no network calls, no credential access), but it is functionally misleading: the bundled scripts are demo stubs that return hard-coded results and do not actually parse CLI arguments, read logs, or apply patches. Before installing or relying on it: (1) don't assume it will analyze real projects — test it in a safe sandbox with representative inputs; (2) inspect and/or modify the scripts to implement real file I/O and CLI parsing if ...详细分析 ▾
⚠ 用途与能力
The name and description promise automated diagnosis, runtime analysis, and patch generation. The three included Python scripts, however, return hard-coded demo data and do not actually read log files, open source files, or accept/act on the CLI flags shown in SKILL.md. That is a substantive mismatch between claimed capabilities and the provided implementation.
ℹ 指令范围
SKILL.md instructs running scripts with arguments (e.g. --error, --log, --buggy/--fixed). The scripts do not parse these CLI arguments or access the filesystem; they simply return canned results. The instructions do not request any unrelated files or credentials, so there is no scope creep, but they are misleading about operational behavior.
✓ 安装机制
No install spec, no downloads, and no additional binaries required. Being instruction-only with small local scripts minimizes installation risk.
✓ 凭证需求
The skill declares no required environment variables, no credentials, and no config paths. The code does not access environment variables or network resources, so requested privileges are proportional (minimal).
✓ 持久化与权限
always is false and the skill has no mechanism to persist or modify other skills or system-wide configuration. It does not request elevated presence or autonomy beyond normal invocation.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/3
NULL
● Pending
安装命令
点击复制官方npx clawhub@latest install ai-bug-fixer
镜像加速npx clawhub@latest install ai-bug-fixer --registry https://cn.longxiaskill.com