by 安全扫描
OpenClaw
安全
medium confidenceNULL
评估建议
This skill coherently describes fixing a bug via a local BugPack API, but it leaves important operational and safety details unspecified. Before installing or using it: ensure the BugPack service at localhost:3456 is the intended target and authenticated as appropriate; confirm the agent has explicit, limited filesystem permissions and a working directory scoped to the project repo (to avoid accidental edits elsewhere); require that fixes be validated (run tests, run linters) and committed/pushe...详细分析 ▾
✓ 用途与能力
Name/description align with the instructions: it interacts with a BugPack API on localhost to get bug context, find related files, edit code, and mark status as fixed. No unrelated credentials, binaries, or installs are requested.
ℹ 指令范围
The SKILL.md explicitly instructs GET/PATCH to http://localhost:3456 and to edit source files referenced by the bug. Editing the codebase is consistent with fixing a bug, but the instructions are open-ended: they do not constrain which files may be modified, do not require running tests, committing, creating a PR, or validating the fix, and grant broad discretion to read/modify the local codebase.
✓ 安装机制
Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer and no third-party downloads are required.
✓ 凭证需求
No environment variables, credentials, or config paths are requested. Access to a local HTTP service (localhost:3456) is required by the skill and is proportionate to its purpose.
✓ 持久化与权限
always is false and the skill is user-invocable; it does not request persistent or elevated platform privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/3/18
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install bugpack-fix-bug
镜像加速npx clawhub@latest install bugpack-fix-bug --registry https://cn.longxiaskill.com