by 安全扫描
OpenClaw
安全
high confidenceThe skill is an instruction-only bug-fix workflow that stays within its stated purpose and does not request extra credentials or install anything unusual.
评估建议
This skill is internally consistent and appears safe as an instruction-only bug-fix checklist. Before installing or allowing an agent to execute it, verify: (1) the agent's runtime has no unchecked access to your repo or production secrets — tests can execute code and may access resources; (2) if you expect Playwright or Supabase validation, ensure those tools and any required credentials are provisioned intentionally and scoped with least privilege; (3) confirm the agent cannot autonomously pus...详细分析 ▾
✓ 用途与能力
Name/description (bug-fix workflow) matches the SKILL.md: it describes triage, reproduction, root cause analysis, minimal fixes, testing, and report generation. The files referenced (specs/PROJECT-CONTEXT.md, docs/, assets/bugfix-report-template.md) are coherent with a repo-scoped debugging workflow.
ℹ 指令范围
Instructions are narrowly scoped to project files, tests, and the provided report template. They recommend using project tests and tools (unit tests, Playwright, Supabase queries) but do not instruct reading unrelated system files or exporting data externally. Note: SKILL.md references Playwright MCP and Supabase MCP — these are expected testing/data tools but the skill does not declare how to obtain credentials or invoke remote endpoints.
✓ 安装机制
No install spec and no code files — instruction-only skill. Nothing is downloaded or written by an installer, which minimizes risk.
✓ 凭证需求
The skill requests no environment variables, binaries, or credentials. References to test tools (Playwright, Supabase) are reasonable for verification steps but the skill does not ask for tokens or secrets.
✓ 持久化与权限
always is false and model invocation is normal (not disabled). The skill does not request persistent system-wide changes or access to other skills' configs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/25
- Initial release of "bugfix-workflow" skill. - Provides a structured workflow for distinguishing and fixing real bugs versus feature change requests. - Outlines clear steps for simple (quick fix) and complex (full investigation and report) bug scenarios. - Enforces best practices: always validate bugs, require testing/verification, and generate repair reports for complex issues. - Strongly promotes minimal, targeted code changes and discourages unnecessary refactoring during bug fixes.
● 无害
安装命令
点击复制官方npx clawhub@latest install bugfix-workflow
镜像加速npx clawhub@latest install bugfix-workflow --registry https://cn.longxiaskill.com