← Back to Skills Marketplace
Json Repair Kit
by
WANGJUNJIE
· GitHub ↗
· v1.0.0
860
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install json-repair-kit
Description
Repair malformed JSON files by normalizing them through Node.js evaluation. Use this to fix trailing commas, single quotes, unquoted keys, or other common sy...
README (SKILL.md)
JSON Repair Kit
A utility to repair broken or "loose" JSON files (like those with trailing commas, single quotes, or unquoted keys) by parsing them as JavaScript objects and re-serializing as valid JSON.
Usage
# Repair a file in place (creates .bak backup)
node skills/json-repair-kit/index.js --file path/to/broken.json
# Repair and save to a new file
node skills/json-repair-kit/index.js --file broken.json --out fixed.json
# Scan directory and repair all .json files (recursive)
node skills/json-repair-kit/index.js --dir config/ --recursive
Supported Repairs
- Trailing Commas:
{"a": 1,}->{"a": 1} - Single Quotes:
{'a': 'b'}->{"a": "b"} - Unquoted Keys:
{key: "value"}->{"key": "value"} - Comments: Removes JS-style comments
//(if parser supports it, standard Nodeevalmay strip them if they are line comments outside of strings). - Hex/Octal Numbers:
0xFF->255
Safety
- Backup: Always creates a
.bakfile before overwriting (unless--no-backupis used, but default is safe). - Validation: Verifies the repaired content is valid JSON before writing.
- Eval Sandbox: Uses
vm.runInNewContextto parse, ensuring no access to global scope or process. It is safer thaneval().
Usage Guidance
This tool will execute the contents of the files you give it inside Node's VM to 'repair' loose JSON. That is functionally powerful but not a secure sandbox: a maliciously crafted file can execute JavaScript that escapes the VM and touches your filesystem or process. Only run this on files you trust. If you need to process untrusted input, consider safer alternatives: use tolerant parsing libraries (json5, strip-json-comments + JSON.parse, jsonc-parser) that don't evaluate code, or run the script inside an isolated container/VM with limited permissions. If you keep this tool, at minimum: (1) audit files before repair, (2) keep backups (.bak is created by default), and (3) consider replacing the eval-based fallback with a proper parser or an AST-based approach that doesn't run code.
Capability Analysis
Type: OpenClaw Skill
Name: json-repair-kit
Version: 1.0.0
The skill is classified as suspicious due to a critical Remote Code Execution (RCE) vulnerability in `index.js`. The `repairJson` function uses `vm.createContext` to evaluate user-provided JSON content, which is susceptible to known sandbox escape techniques. A malicious JSON file can be crafted to execute arbitrary Node.js code on the agent's system, despite the `SKILL.md` claiming the `vm` usage ensures 'no access to global scope or process.' This flaw allows an attacker to compromise the agent by providing a specially crafted input file.
Capability Assessment
Purpose & Capability
Name/description match the code and SKILL.md: the script reads .json files (single file or recursive directory), attempts JSON.parse, and falls back to evaluating the content as JavaScript to re-serialize valid JSON. File IO and backup behavior are consistent with the stated purpose.
Instruction Scope
SKILL.md and index.js instruct the agent to parse malformed JSON by evaluating the file content in a vm context and assert this is safe. In practice, vm.runInContext/vm.Script do not guarantee security against sandbox escapes; evaluating arbitrary file contents can lead to arbitrary JS execution with access to the host environment via known escape patterns (e.g., constructor.constructor / Function() usage). The instructions do not warn users to only run on trusted files or describe the risk.
Install Mechanism
No install spec; tool is instruction/code-only (index.js, package.json, test script). Nothing is downloaded or written during installation — low install risk.
Credentials
No credentials, env vars, or external endpoints are requested. The script reads and writes local files (including recursive directory scan) which is appropriate for a file-repair utility.
Persistence & Privilege
Skill is not always-enabled and does not request persistent platform privileges. It modifies only files the user points it at (creates .bak files by default) and exports functions for testing; it does not change other skills or global agent config.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install json-repair-kit - After installation, invoke the skill by name or use
/json-repair-kit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of JSON Repair Kit—a utility to fix malformed JSON files.
- Repairs common JSON syntax errors: trailing commas, single quotes, unquoted keys, JavaScript-style comments, and non-decimal numbers.
- Offers file and directory processing with backup creation by default.
- Ensures repaired content is valid JSON before saving.
- Uses a safe sandboxed environment for parsing to minimize risks.
Metadata
Frequently Asked Questions
What is Json Repair Kit?
Repair malformed JSON files by normalizing them through Node.js evaluation. Use this to fix trailing commas, single quotes, unquoted keys, or other common sy... It is an AI Agent Skill for Claude Code / OpenClaw, with 860 downloads so far.
How do I install Json Repair Kit?
Run "/install json-repair-kit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Json Repair Kit free?
Yes, Json Repair Kit is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Json Repair Kit support?
Json Repair Kit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Json Repair Kit?
It is built and maintained by WANGJUNJIE (@wanng-ide); the current version is v1.0.0.
More Skills