garrytan/openclaw/skills/gstack-openclaw-investigate
openclaw/skills/gstack-openclaw-investigate/SKILL.md
--- name: gstack-openclaw-investigate description: Systematic debugging with root cause investigation. Four phases: investigate, analyze, hypothesize, implement. Iron Law: no fixes without root cause. Use when asked to debug, fix a bug, investigate an error, or root cause analysis. Proactively use when user reports errors, stack traces, unexpected behavior, or says something stopped working. version: 1.0.0 metadata: { "openclaw": { "emoji": "🔍" } } --- # Systematic Debugging ## Iron Law **NO
$ install --global
skillsauthnpx skillsauth add garrytan/gstack openclaw/skills/gstack-openclaw-investigateInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 14, 2026, 3:44 AM77.4s1 file scanned
SKILL.md
- name:
- gstack-openclaw-investigate
- description:
- Systematic debugging with root cause investigation. Four phases: investigate, analyze, hypothesize, implement. Iron Law: no fixes without root cause. Use when asked to debug, fix a bug, investigate an error, or root cause analysis. Proactively use when user reports errors, stack traces, unexpected behavior, or says something stopped working.
- version:
- 1.0.0
- metadata:
- { "openclaw": { "emoji": "🔍" } }
Systematic Debugging
Iron Law
NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST.
Fixing symptoms creates whack-a-mole debugging. Every fix that doesn't address root cause makes the next bug harder to find. Find the root cause, then fix it.
Phase 1: Root Cause Investigation
Gather context before forming any hypothesis.
-
Collect symptoms: Read the error messages, stack traces, and reproduction steps. If the user hasn't provided enough context, ask ONE question at a time. Don't ask five questions at once.
-
Read the code: Trace the code path from the symptom back to potential causes. Search for all references, read the logic around the failure point.
-
Check recent changes:
git log --oneline -20 -- <affected-files>Was this working before? What changed? A regression means the root cause is in the diff.
-
Reproduce: Can you trigger the bug deterministically? If not, gather more evidence before proceeding.
-
Check memory for prior debugging sessions on the same area. Recurring bugs in the same files are an architectural smell.
Output: "Root cause hypothesis: ..." ... a specific, testable claim about what is wrong and why.
Phase 2: Pattern Analysis
Check if this bug matches a known pattern:
Race condition ... Intermittent, timing-dependent. Look at concurrent access to shared state.
Nil/null propagation ... NoMethodError, TypeError. Missing guards on optional values.
State corruption ... Inconsistent data, partial updates. Check transactions, callbacks, hooks.
Integration failure ... Timeout, unexpected response. External API calls, service boundaries.
Configuration drift ... Works locally, fails in staging/prod. Env vars, feature flags, DB state.
Stale cache ... Shows old data, fixes on cache clear. Redis, CDN, browser cache.
Also check:
- Known issues in the project for related problems
- Git log for prior fixes in the same area. Recurring bugs in the same files are an architectural smell, not a coincidence.
External search: If the bug doesn't match a known pattern, search for the error type online. Sanitize first: strip hostnames, IPs, file paths, SQL, customer data. Search the error category, not the raw message.
Phase 3: Hypothesis Testing
Before writing ANY fix, verify your hypothesis.
-
Confirm the hypothesis: Add a temporary log statement, assertion, or debug output at the suspected root cause. Run the reproduction. Does the evidence match?
-
If the hypothesis is wrong: Search for the error (sanitize sensitive data first). Return to Phase 1. Gather more evidence. Do not guess.
-
3-strike rule: If 3 hypotheses fail, STOP. Tell the user:
"3 hypotheses tested, none match. This may be an architectural issue rather than a simple bug."
Options:
- Continue investigating with a new hypothesis (describe it)
- Escalate for human review (needs someone who knows the system)
- Add logging and wait (instrument the area and catch it next time)
Red flags ... if you see any of these, slow down:
- "Quick fix for now" ... there is no "for now." Fix it right or escalate.
- Proposing a fix before tracing data flow ... you're guessing.
- Each fix reveals a new problem elsewhere ... wrong layer, not wrong code.
Phase 4: Implementation
Once root cause is confirmed:
-
Fix the root cause, not the symptom. The smallest change that eliminates the actual problem.
-
Minimal diff: Fewest files touched, fewest lines changed. Resist the urge to refactor adjacent code.
-
Write a regression test that:
- Fails without the fix (proves the test is meaningful)
- Passes with the fix (proves the fix works)
-
Run the full test suite. No regressions allowed.
-
If the fix touches >5 files: Flag the blast radius to the user before proceeding. That's large for a bug fix.
Phase 5: Verification & Report
Fresh verification: Reproduce the original bug scenario and confirm it's fixed. This is not optional.
Run the test suite.
Output a structured debug report:
DEBUG REPORT
- Symptom: what the user observed
- Root cause: what was actually wrong
- Fix: what was changed, with file references
- Evidence: test output, reproduction showing fix works
- Regression test: location of the new test
- Related: prior bugs in same area, architectural notes
- Status: DONE | DONE_WITH_CONCERNS | BLOCKED
Save the report to memory/ with today's date so future sessions can reference it.
Important Rules
- 3+ failed fix attempts: STOP and question the architecture. Wrong architecture, not failed hypothesis.
- Never apply a fix you cannot verify. If you can't reproduce and confirm, don't ship it.
- Never say "this should fix it." Verify and prove it. Run the tests.
- If fix touches >5 files: Flag to user before proceeding.
- Completion status:
- DONE ... root cause found, fix applied, regression test written, all tests pass
- DONE_WITH_CONCERNS ... fixed but cannot fully verify (e.g., intermittent bug, requires staging)
- BLOCKED ... root cause unclear after investigation, escalated
Related Skills
garrytan/pair-agent
development
VerifiedTrustedCommunity
Pair a remote AI agent with your browser. One command generates a setup key and prints instructions the other agent can follow to connect. Works with OpenClaw, Hermes, Codex, Cursor, or any agent that can make HTTP requests. The remote agent gets its own tab with scoped access (read+write by default, admin on request). Use when asked to "pair agent", "connect agent", "share browser", "remote browser", "let another agent use my browser", or "give browser access". (gstack) Voice triggers (speech-to-text aliases): "pair agent", "connect agent", "share my browser", "remote browser access".
71,662SKILL.mdUpdated Apr 14, 2026
garrytan/gstack-openclaw-retro
development
VerifiedTrustedCommunity
Weekly engineering retrospective. Analyzes commit history, work patterns, and code quality metrics with persistent history and trend tracking. Team-aware with per-person contributions, praise, and growth areas. Use when asked for weekly retro, what shipped this week, or engineering retrospective.
71,662SKILL.mdUpdated Apr 14, 2026
garrytan/openclaw/skills/gstack-openclaw-office-hours
development
VerifiedTrustedCommunity
--- name: gstack-openclaw-office-hours description: Product interrogation with six forcing questions. Two modes: startup diagnostic (demand reality, status quo, desperate specificity, narrowest wedge, observation, future-fit) and builder brainstorm. Use when asked to brainstorm, "is this worth building", "I have an idea", "office hours", or "help me think through this". Proactively use when user describes a new product idea or wants to think through design decisions before any code is written. v
71,662SKILL.mdUpdated Apr 14, 2026
garrytan/openclaw/skills/gstack-openclaw-ceo-review
development
VerifiedTrustedCommunity
--- name: gstack-openclaw-ceo-review description: CEO/founder-mode plan review. Rethink the problem, find the 10-star product, challenge premises, expand scope when it creates a better product. Four modes: SCOPE EXPANSION (dream big), SELECTIVE EXPANSION (hold scope + cherry-pick), HOLD SCOPE (maximum rigor), SCOPE REDUCTION (strip to essentials). Use when asked to review a plan, challenge this, CEO review, poke holes, think bigger, or expand scope. version: 1.0.0 metadata: { "openclaw": { "emoj
71,662SKILL.mdUpdated Apr 14, 2026