by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is an instruction-only checklist (no code, no installs, no secret requests) and appears coherent and low-risk as-is. Before enabling it for an agent, consider the operational consequences: the protocol expects the agent to run tests, modify code, and open PRs—so you must decide what repository/CI/runner access the agent will have. If you grant the agent repo or CI tokens, follow least privilege: scope tokens narrowly, prefer ephemeral tokens, require human review/approval for merges, ...详细分析 ▾
✓ 用途与能力
The name/description match the content: an 8-step, testing-first protocol for bug fixes. Nothing in the skill requires unrelated resources (no env vars, binaries, or installs). The guidance (write failing test, find root cause, patch tests) is appropriate for the claimed purpose.
✓ 指令范围
SKILL.md contains procedural guidelines and templates only; it does not instruct the agent to read arbitrary files, exfiltrate data, call external endpoints, or run specific system-level commands. All referenced actions (writing tests, running suites, making PRs) are consistent with debugging workflows.
✓ 安装机制
No install spec and no code files—there is nothing to install or run on disk. This minimizes on-disk risk and is proportionate to an instruction-only skill.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. The actions it recommends (running tests, patching test system, creating PRs) would in practice require repository/CI access, but the skill itself does not request those—this is proportionate and expected.
✓ 持久化与权限
always is false and there are no install hooks. The skill can be invoked autonomously by models (platform default), which is normal; nothing in the skill asks for persistent agent privileges or to modify other skills.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/31
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install bug-fix-protocol
镜像加速npx clawhub@latest install bug-fix-protocol --registry https://cn.longxiaskill.com