← Back to Skills Marketplace
ryce

Crash Fixer

by Hamon Ben Riazy · GitHub ↗ · v3.0.0
cross-platform ⚠ suspicious
654
Downloads
0
Stars
5
Active Installs
6
Versions
Install in OpenClaw
/install crash-fixer
Description
Autonomous crash analysis and bug fixing. Monitors crash reports from Cloudflare D1, deduplicates, analyzes with Codex 5.3 High, generates fixes, and creates...
README (SKILL.md)

crash-fixer

Full autonomous crash-fixing loop. Fetches crashes, deduplicates, analyzes with AI, generates fixes, and creates PRs.

Trigger

/crash-fixer [--hours 24] [--limit 5] [--dry-run]

How It Works

  1. Fetch - Query crash reporter for new crashes
  2. Deduplicate - Check fingerprint for identical crashes already fixed
  3. Analyze - Use Codex 5.3 High (o3-high) to understand crash
  4. Fix - Generate code fix
  5. PR - Create branch → commit → PR
  6. Update - Mark status in crash reporter

Options

Flag Default Description
--hours N 24 Only fetch crashes from last N hours
--limit N 3 Max crashes to process per run
--dry-run false Analyze but don't create PRs

Required Environment

Variable Description
GH_TOKEN GitHub API token
CRASH_REPORTER_API_KEY API key for crash reporter worker
CRASH_REPORTER_URL URL of crash reporter worker
TARGET_REPO GitHub repo to fix (owner/name)

Note: Uses MiniMax M2.5 (available in OpenClaw) for AI analysis - no extra API key needed.

Example

/crash-fixer --dry-run
Usage Guidance
This skill has clear inconsistencies you should resolve before installing: - Ask the author to explain and fix the mismatch between SKILL.md and index.js: SKILL.md says MiniMax M2.5 is available and 'no extra API key needed', but the code calls https://api.minimax.chat with Authorization: Bearer ${ZAI_API_KEY} (an env var not documented). It also mentions 'Codex 5.3 High' in the docs but the code does not call OpenAI. - Treat this as a potential data-exfiltration risk: the code sends crash details (including user_id and device info) to an external endpoint (minimax.chat). Only proceed if you trust that endpoint and the associated API key usage is documented and intended. - Never supply your personal GH_TOKEN with broad scopes. If you test, create a limited-service token with only the repo scopes needed and prefer a test repo. - Request an updated SKILL.md that lists all environment variables used (including ZAI_API_KEY) and documents where crash data is sent. If the skill must call an external AI API, ask for justification why it cannot use the platform-provided model. - If you cannot get clear answers, run the skill in a sandboxed environment (dry-run) with minimal secrets and monitor network egress to confirm where data is sent before granting production credentials.
Capability Analysis
Type: OpenClaw Skill Name: crash-fixer Version: 3.0.0 The skill is classified as suspicious due to its high-risk capabilities and a critical prompt injection vulnerability. It uses a GitHub token (`GH_TOKEN`) to read, create branches, commit AI-generated code, and create pull requests in a target repository (`TARGET_REPO`), effectively allowing it to modify source code. The `analyzeCrash` function in `index.js` constructs an AI prompt using raw, unsanitized crash data (e.g., `errorName`, `message`, `stackTrace`). A malicious actor could submit a crafted crash report containing prompt injection instructions, leading the AI to generate malicious `fix_code` or specify an arbitrary `file_path`, which the skill would then commit to the target repository. This represents a significant supply chain risk and potential for remote code execution via AI manipulation.
Capability Assessment
Purpose & Capability
The declared purpose (fetch crashes, analyze, produce PRs) aligns with the requested GH_TOKEN, CRASH_REPORTER_API_KEY, CRASH_REPORTER_URL, and TARGET_REPO. However, the SKILL.md mentions using local/available MiniMax M2.5 and 'Codex 5.3 High', while the code calls an external minimax.chat API — a mismatch between description and actual implementation.
Instruction Scope
SKILL.md says no extra API key is needed and that MiniMax M2.5 is available in OpenClaw, but index.js posts crash payloads (including user_id and device/device_info) to https://api.minimax.chat and supplies an Authorization header from process.env.ZAI_API_KEY. The instructions do not disclose this external endpoint or the additional env var, meaning crash data will be transmitted outside the declared systems.
Install Mechanism
No install spec (instruction-only) and no downloads are present; risk from installation is low. There is a bundled index.js file so the runtime behavior must be inspected, but nothing writes arbitrary external install artifacts.
Credentials
Declared env vars (GH_TOKEN, CRASH_REPORTER_API_KEY, CRASH_REPORTER_URL, TARGET_REPO) are reasonable for the described task. But the code also expects ZAI_API_KEY (used to call an external minimax.chat service) which is not declared in SKILL.md. SKILL.md also references 'Codex 5.3 High' (an OpenAI model) despite no OpenAI credential being requested. Undeclared credentials and model mismatches are a red flag.
Persistence & Privilege
always:false and the skill does not request persistent platform privileges. The skill will create branches/commits/PRs using the user's GH_TOKEN (expected for the task), so standard least-privilege guidance applies for that token.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install crash-fixer
  3. After installation, invoke the skill by name or use /crash-fixer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.0
crash-fixer 3.0.0 - Major update: Fully autonomous crash-fixing workflow from report to PR creation. - Now supports user-invoked commands with customizable flags for hours, limit, and dry run. - Integrates Codex 5.3 High for crash analysis and MiniMax M2.5 for AI-powered fixes. - Enhanced environment variable support for secure configuration. - Automatically marks crash status after processing and PR creation.
v2.0.0
crash-fixer 2.0.0 - Added new required environment variable: TARGET_REPO for specifying the GitHub repository. - Updated documentation for clearer usage instructions, environment requirements, and streamlined workflow steps. - Removed _meta.json file. - Improved options and examples for easier invocation.
v1.3.0
crash-fixer 1.3.0 changelog: - Added support for the CRASH_REPORTER_URL environment variable in skill configuration. - Updated environment variable requirements in SKILL.md. - Added _meta.json file.
v1.2.0
- Added new environment variable requirements: OPENAI_API_KEY and CRASH_REPORTER_API_KEY, in addition to GH_TOKEN. - Updated documentation to reflect required API keys for OpenAI Codex and crash reporter integration.
v1.1.0
- Added automatic deduplication of crashes using fingerprinting to avoid repeated fixes for the same issue. - Switched code analysis to use Codex 5.3 High for improved root cause identification and code generation. - Enhanced crash processing logic: checks for existing PRs or fixes before attempting new ones. - Updated required environment: now requires only GH_TOKEN for operation. - Default crash processing limit per run changed from 5 to 3. - Documentation updated to clearly outline new workflow, deduplication strategy, and configuration options.
v1.0.0
Initial release of crash-fixer. - Monitors Cloudflare D1 for crash reports and filters non-bug feedback. - Analyzes stack traces with AI to identify and summarize root causes. - Searches codebase via GitHub API and generates automated fix PRs. - Supports dry-run mode and configurable crash query limits. - Requires GitHub and OpenAI API keys for operation.
Metadata
Slug crash-fixer
Version 3.0.0
License
All-time Installs 5
Active Installs 5
Total Versions 6
Frequently Asked Questions

What is Crash Fixer?

Autonomous crash analysis and bug fixing. Monitors crash reports from Cloudflare D1, deduplicates, analyzes with Codex 5.3 High, generates fixes, and creates... It is an AI Agent Skill for Claude Code / OpenClaw, with 654 downloads so far.

How do I install Crash Fixer?

Run "/install crash-fixer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Crash Fixer free?

Yes, Crash Fixer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Crash Fixer support?

Crash Fixer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Crash Fixer?

It is built and maintained by Hamon Ben Riazy (@ryce); the current version is v3.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments