strantalis/debug-mode
skills/debug-mode/SKILL.md
Run an iterative, hypothesis-driven “debug mode” loop to diagnose and fix a bug using targeted instrumentation and log capture. Use when the user wants an interactive debug loop, when you need to quickly narrow a failure via added debug statements, or when you need a lightweight way to centralize logs from a repro run (via `agent-skills debug` server + SSE UI).
development
Updated Apr 15, 2026
$ install --global
skillsauthnpx skillsauth add strantalis/agent-skills debug-modeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 5:15 AM14.5s2 files scanned
SKILL.md
- name:
- debug-mode
- description:
- Run an iterative, hypothesis-driven “debug mode” loop to diagnose and fix a bug using targeted instrumentation and log capture. Use when the user wants an interactive debug loop, when you need to quickly narrow a failure via added debug statements, or when you need a lightweight way to centralize logs from a repro run (via `agent-skills debug` server + SSE UI).
Debug Mode
Run a tight debug loop: form a hypothesis, instrument the smallest surface area, capture evidence, update the hypothesis, and repeat until you can ship a fix with a regression test (or a clear root-cause explanation).
This skill assumes you can add temporary debug statements and that you can ask the user to run a repro while a local log capture server is running.
Quick start
- Start the log capture server:
agent-skills debug
- Ask the user to reproduce while sending logs to the server (pick a method):
agent-skills debug send …curl -X POST … /v1/logs
- Use the captured evidence to pick the next instrumentation point and repeat.
Reference: skills/debug-mode/references/debug-server.md.
Workflow (debug loop)
-
Establish the repro and success criteria.
- Ask for exact commands/inputs and the expected vs actual outcome.
- Freeze variables: versions, env, config, dataset, feature flags.
- If the bug is flaky, ask for frequency and a “best repro” loop.
-
Form a falsifiable hypothesis.
- Phrase it as: “If X is happening, we should observe Y at location Z.”
- Prefer hypotheses that narrow the search space (not “something is wrong”).
-
Instrument minimally.
- Add logs at decision boundaries, not every line.
- Log identifiers and invariants (IDs, counts, state machine states), not entire blobs.
- Include correlation keys (
requestId,userId,jobId, etc.).
-
Capture and review evidence.
- Use the debug server UI and/or the NDJSON file as the shared artifact.
- Summarize the evidence in a small table: observation → supports/refutes → next step.
-
Iterate until root cause is isolated.
- Move instrumentation “upstream” or “downstream” based on what you learned.
- Delete/undo misleading logs; keep only the ones that pay rent.
-
Fix + lock it in.
- Implement the smallest safe fix.
- Add a regression test or a runnable repro script.
- Remove or downgrade temporary debug statements.
Notes for using agent-skills debug
- Default auth is a random token printed at startup.
- By default, events are appended as NDJSON to
.agent-skills/debug.ndjson(disable with--out=). - Use headers for ingestion where possible; use
?token=mainly for the browser UI. - Prefer structured JSON logs with stable keys over freeform text.
Related Skills
strantalis/gh-cli
tools
VerifiedTrustedCommunity
Standardize all GitHub interactions via the GitHub CLI (`gh`) instead of ad-hoc URLs, UI clicks, or direct REST API calls. Use when you need to read or change GitHub state (repos, issues, pull requests, reviews, check status, Actions workflows/runs, releases, labels, milestones, discussions, gists) and want deterministic output (prefer `--json` + `--jq`). Also use when the user provides a GitHub URL, including deep links like `https://github.com/OWNER/REPO/pull/123`, `.../issues/123`, `.../pull/123/files`, or comment permalinks like `#issuecomment-...`, and you need to fetch the underlying PR/issue/thread and reply. Fall back to `gh api` only when there is no first-class `gh NOUN VERB` command.
SKILL.mdUpdated Apr 15, 2026
strantalis/crypto-expert
development
VerifiedTrustedCommunity
Crypto best-practices guidance and review across languages and domains. Use whenever cryptography, encryption, hashing, signatures, key/nonce/IV handling, randomness, password storage, TLS/PKI, secure channels, token formats, or "roll your own crypto" is mentioned, including high-level questions or code/design reviews. Trigger broadly to prevent subtle security mistakes.
SKILL.mdUpdated Apr 15, 2026
strantalis/context7-cli
tools
VerifiedTrustedCommunity
Use the local Context7 CLI in this repo to search libraries and fetch Context7 context for skills or documentation tasks. Trigger when you need to run `c7 search`/`c7 context`, resolve library IDs, or retrieve text/json outputs from Context7 via the CLI.
SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026