← Back to Skills Marketplace
327
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install sdd
Description
Scenario-Driven Detection — AI 자율 추론 기반 논리 결함 탐지/수정 프레임워크. 기능 에러(crash, 500)가 아닌 '논리적으로 비정상인 동작'을 찾아 자동 수정한다. 사용 시점: (1) URL을 주고 웹사이트 논리 테스트 요청, (2) 소스코드 프로젝...
Usage Guidance
Before installing or using this skill, be aware of these points: 1) The skill will try to read and modify your project files, run tests, and make git commits — only use it on repositories you trust and back up or work on a branch/fork. 2) It performs live site crawling and may require login credentials or tokens; provide only ephemeral or least-privilege credentials and avoid sharing long-lived secrets. 3) The metadata does not declare required tools (browser automation like Playwright/Puppeteer, a headless browser, git, node/test runner); confirm your agent environment has the expected tooling or the skill may fail or behave unpredictably. 4) Confirm whether the agent will ask for explicit user approval before applying any code changes or pushing commits — prefer modes that generate fix proposals rather than auto-applying fixes. 5) If you plan to let the agent post reports to Slack/Discord, use dedicated webhooks with limited scope. Providing the author or maintainer details, a clear list of runtime dependencies, and an explicit safety/consent flow (e.g., require interactive confirmation for commits) would reduce risk and could change this assessment to benign.
Capability Analysis
Type: OpenClaw Skill
Name: sdd
Version: 1.0.0
The 'SDD' skill bundle describes an automated framework for logic-flaw detection and code fixing. It contains high-risk instructions in SKILL.md that direct the AI agent to perform automated web crawling (including requesting authentication cookies/tokens) and to autonomously modify and commit source code based on AI-generated inferences. While the stated intent is for quality assurance, the combination of automated code modification, repository write access, and authenticated network interaction represents a significant attack surface and high-risk behavior that warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The declared purpose (find and automatically fix 'logical' defects in UIs/APIs) is plausible. However, achieving that requires filesystem access, VCS (git) operations, a browser automation/runtime (e.g., Playwright/Puppeteer or a real browser), and test runners. None of those tools, binaries, or environment/credential requirements are declared in the metadata, which is an incoherence: either the skill assumes the agent environment already has extensive capabilities or the metadata is incomplete.
Instruction Scope
SKILL.md instructs the agent to crawl URLs (click elements, capture DOM), analyze and modify source code (file:line changes), run existing tests, commit fixes, and post md reports to external channels (Discord/Slack). It also tells the agent to request login credentials or cookies when needed. These are high-scope actions that access user files, credentials, and external networks — none of which are described in the skill metadata or constrained in the instructions (e.g., no explicit requirement that the user must approve commits before they are made).
Install Mechanism
There is no install spec or code (instruction-only), which reduces supply-chain risk. That said, the runtime behavior described implicitly requires nontrivial tooling (browser automation, test runners, git). The absence of declared dependencies or recommended runtime tools is a gap (not an immediate code-execution risk, but an operational mismatch).
Credentials
The skill requests (in instructions) credentials/cookies for authenticated crawling and suggests posting reports to third-party channels — yet the registry metadata declares no required env vars or primary credential. The implicit need for access tokens, webhook URLs, or repository write permissions is disproportionate to the metadata and should be explicitly declared. The skill also writes files and performs VCS commits, which are sensitive actions relative to an 'analysis' skill.
Persistence & Privilege
The skill will write report files and, in Mode A, modify source code and create commits. While always:false (it is not force-enabled), these actions are powerful: autonomous invocation combined with code-modifying instructions increases blast radius if the agent is allowed to act without user confirmation. The SKILL.md does not mandate explicit user approval before applying commits, only a general note about not breaking tests — this is a privilege/consent gap.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install sdd - After installation, invoke the skill by name or use
/sdd - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: AI autonomous inference-based logic defect detection and auto-fix framework
Metadata
Frequently Asked Questions
What is SDD - Scenario-Driven Detection?
Scenario-Driven Detection — AI 자율 추론 기반 논리 결함 탐지/수정 프레임워크. 기능 에러(crash, 500)가 아닌 '논리적으로 비정상인 동작'을 찾아 자동 수정한다. 사용 시점: (1) URL을 주고 웹사이트 논리 테스트 요청, (2) 소스코드 프로젝... It is an AI Agent Skill for Claude Code / OpenClaw, with 327 downloads so far.
How do I install SDD - Scenario-Driven Detection?
Run "/install sdd" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SDD - Scenario-Driven Detection free?
Yes, SDD - Scenario-Driven Detection is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SDD - Scenario-Driven Detection support?
SDD - Scenario-Driven Detection is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SDD - Scenario-Driven Detection?
It is built and maintained by kimky1122 (@kimky1122); the current version is v1.0.0.
More Skills