bug-audit
Comprehensive bug audit for Node.js web projects. Activate when user asks to audit, review, check bugs, find vulnerabilities, or do security/quality review on a project. Works by dissecting the project's actual code to build project-specific check matrices, then exhaustively verifying each item — not by running a generic checklist. Supports games, data tools, WeChat apps, API services, bots, and dashboards.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/abczsl520/bug-audit
What This Skill Does
The bug-audit skill for OpenClaw is a sophisticated diagnostic tool designed specifically for Node.js web projects. Unlike traditional static analysis tools that rely on generic, one-size-fits-all checklists, bug-audit performs a deep-dive, contextual dissection of your codebase. It builds a project-specific knowledge graph by extracting six critical structural categories: API Endpoints, State Machines, Timers, Numeric Values, Data Flows, and Resource Ledgers. By systematically analyzing the relationships between these elements, the tool identifies complex logic flaws that automated scanners typically miss, such as race conditions, state leakage, and insecure sequential transaction flows.
Installation
To integrate this skill into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/abczsl520/bug-audit
Use Cases
This skill is ideal for security-conscious developers, QA engineers, and system architects. It excels in environments where business logic complexity is high, such as:
- Gaming Backends: Checking for state persistence bugs, loot manipulation, and race conditions in event loops.
- Fintech APIs: Verifying the atomicity of multi-step transaction flows and ensuring data integrity.
- WeChat Mini Programs: Auditing cross-lifecycle state management and input validation.
- Real-time Dashboards: Ensuring timers and resource management do not lead to memory leaks or stale data state issues.
Example Prompts
- "I'm worried about the checkout flow in my Node.js backend. Please run a bug-audit to see if users can skip the payment step while still getting the digital items."
- "Perform a security review on my game server code. I need to ensure that numeric values like damage and xp cannot be manipulated by the client."
- "Can you audit the API endpoints for my dashboard project? I suspect some internal IDs might be leaking in the response objects."
Tips & Limitations
The bug-audit skill performs its best work when the project structure follows standard Node.js patterns. It requires read access to your codebase to build its internal matrices. For the most accurate results, ensure your project is clean and free of excessive obfuscation. Remember that this tool is an assistant; while it is exceptional at finding structural flaws, human oversight remains vital for final architectural decisions. Because it performs an exhaustive analysis, large codebases may require the full 15-minute dissection period.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-abczsl520-bug-audit": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-read
Related Skills
debug-methodology
Systematic debugging and problem-solving methodology. Activate when encountering unexpected errors, service failures, regression bugs, deployment issues, or when a fix attempt has failed twice. Also activate when proposing ANY fix to verify it addresses root cause (not a workaround). Prevents patch-chaining, wrong-environment restarts, workaround addiction, and "drunk man" random fixes.
game-quality-gates
Game development quality gates and mandatory checks. Activate when building, reviewing, debugging, or deploying any game project (H5/Canvas/WebGL/Phaser/Three.js/2D/3D). Covers state cleanup, lifecycle management, input handling, audio, persistence, networking, anti-cheat, and performance. Use as pre-deploy checklist or when diagnosing game-specific bugs (state leaks, phantom timers, buff conflicts, memory growth, touch issues).
memory-cn
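Chinese-language memory system optimization for OpenClaw + Ollama. Diagnoses the FTS5 unicode61 Chinese word-segmentation bug, tunes search parameters, and automatically maintains memory files. Raises the hit rate from 55% to 100%.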
nodejs-project-arch
Node.js project architecture standards for AI-assisted development. Enforces file splitting (<400 lines), config externalization, route modularization, and admin dashboards. Use when creating new Node.js projects, refactoring large single-file codebases, or when AI context window is being consumed by oversized files. Covers H5 games (Canvas/Phaser/Matter.js), data tools (crawlers/scrapers), content platforms, monitoring dashboards, API services, and SDK libraries.
codex-review
Three-tier code quality defense: L1 quick scan, L2 deep audit (via bug-audit), L3 cross-validation with adversarial testing.