From appsec-advisor
Builds an anonymised diagnostic bundle from a failed pipeline run for error reporting. Shows contents and instructs user to attach to a GitHub issue.
How this skill is triggered — by the user, by Claude, or both
Slash command
/appsec-advisor:report-errorThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You hit an error in the threat-model pipeline and want to report it. This skill
You hit an error in the threat-model pipeline and want to report it. This skill builds an anonymised diagnostic bundle the maintainer can triage, shows you exactly what is in it, and leaves the decision to share it entirely to you.
What the bundle contains: tool/plugin versions, the run shape (phases reached,
stage timings, aggregate count histograms), a metadata-only file inventory
(name/size — never contents), and the run logs with paths/quoted-strings/secrets
scrubbed. What it never contains: the threat-model results, any finding or
evidence, component names, source code, or the scanned-repo path. The tool makes
no network calls — it only writes a local file; you choose whether to attach
it. The deterministic anonymisation is enforced in code
(scripts/diagnostic_bundle.py) and pinned by a no-leak test, not by an LLM.
All optional:
--repo <path> — the scanned repo root. Default: current working directory.--output <path> — the run's OUTPUT_DIR. Default: <repo>/docs/security.--into <path> — where to write the .tgz. Default: current working directory.CLAUDE_PLUGIN_ROOTif [ -z "$CLAUDE_PLUGIN_ROOT" ]; then
CLAUDE_PLUGIN_ROOT=$(find /root /home /opt -maxdepth 6 \
-path "*/appsec-advisor/skills/report-error/SKILL.md" \
2>/dev/null | head -1 | xargs -r dirname | xargs -r dirname | xargs -r dirname)
fi
export CLAUDE_PLUGIN_ROOT
if [ -z "$CLAUDE_PLUGIN_ROOT" ] || [ ! -d "$CLAUDE_PLUGIN_ROOT" ]; then
echo "Error: CLAUDE_PLUGIN_ROOT could not be resolved." >&2
exit 2
fi
REPO_ROOT="${REPO_ROOT:-$PWD}"
OUTPUT_DIR="${OUTPUT_DIR:-$REPO_ROOT/docs/security}"
INTO="${INTO:-$PWD}"
if [ ! -d "$OUTPUT_DIR" ]; then
echo "Error: no run output at $OUTPUT_DIR — pass --output <dir> pointing at the run's OUTPUT_DIR." >&2
exit 2
fi
BUNDLE=$(python3 "$CLAUDE_PLUGIN_ROOT/scripts/diagnostic_bundle.py" collect \
--run "$OUTPUT_DIR" --repo-root "$REPO_ROOT" --into "$INTO" \
| sed -n 's/^✓ wrote anonymised diagnostic bundle → //p')
[ -z "$BUNDLE" ] && { echo "Error: bundle was not produced." >&2; exit 1; }
python3 "$CLAUDE_PLUGIN_ROOT/scripts/diagnostic_bundle.py" inspect --bundle "$BUNDLE" --logs 20
echo
echo "Bundle written to: $BUNDLE"
Relay, in plain language:
.tgz —
it is plain JSON + scrubbed logs) before sharing anything..tgz (drag it onto the issue). Do not paste raw terminal output.Do not upload, post, or transmit the bundle yourself — sharing is the user's explicit action. This skill only writes the local file.
npx claudepluginhub matthiasrohr/appsec-advisorTriages anonymised diagnostic bundles from pipeline failures by running deterministic inspect and cross-referencing plugin source and bug history to produce a grounded root-cause hypothesis.
Builds reproduction bundles for agent failures, transcript comparisons, and retrospective analysis. Collects Claude/Codex sessions, repo evidence, hashes, and produces replay guides with LFS/encryption.
Collects a redacted diagnostic bundle (logs, config, version, state) from a local Infrahub instance for OpsMill support hand-off. Useful when Infrahub is broken or failing.