When To Use
Trigger when user says: "check my system", "what's wrong", "health check", "diagnose", "audit", "why is X slow", "something feels off"
This is NOT generic data analysis. This is system self-diagnosis — examining the agent's own workspace, configuration, and operational health.
Analysis Modes
| Mode | Scope | When |
|---|
| Quick | Security + critical operational | "Quick check", default if unspecified |
| Full |
All categories, all checks | "Full audit", "deep check" |
|
Targeted | Single category | "Check my memory", "audit cron" |
Priority Order (Always This Sequence)
- 1. SECURITY — Exposed secrets, leaked credentials, permission issues
- OPERATIONAL — Broken crons, dead sessions, unreachable APIs
- HYGIENE — Memory bloat, orphan files, stale entries, inefficiencies
Stop and report critical security findings immediately. Don't bury them in a long list.
Detection Strategy
Cheap first, expensive only when needed:
- 1. File checks (free) — existence, size, age, syntax
- Local commands (cheap) — process lists, disk usage, git status
- API calls (expensive) — only when file-level signals warrant
Never hit external APIs speculatively. Validate need from local evidence first.
Findings Format
CODEBLOCK0
Group by severity, not by category. User sees worst problems first.
Load Detailed Checks
| Category | Reference |
|---|
| All check definitions by category | INLINECODE0 |
| Remediation actions and auto-fix scripts |
remediation.md |
| Tracking analysis runs, improvement over time |
tracking.md |
技能名称:分析
详细描述:
使用时机
当用户说出以下内容时触发:检查我的系统、出什么问题了、健康检查、诊断、审计、为什么X这么慢、感觉不对劲
这不是通用数据分析。这是系统自我诊断——检查智能体自身的工作区、配置和运行健康状态。
分析模式
| 模式 | 范围 | 使用时机 |
|---|
| 快速 | 安全 + 关键运行 | 快速检查,未指定时默认使用 |
| 全面 |
所有类别,所有检查 | 全面审计、深度检查 |
|
定向 | 单一类别 | 检查我的记忆、审计定时任务 |
优先级顺序(始终按此顺序)
- 1. 安全 — 暴露的密钥、泄露的凭证、权限问题
- 运行 — 损坏的定时任务、失效的会话、无法访问的API
- 卫生 — 内存膨胀、孤立文件、过期条目、低效问题
立即停止并报告关键安全发现。不要将其埋没在冗长的列表中。
检测策略
优先使用低成本方法,仅在必要时使用高成本方法:
- 1. 文件检查(免费)— 存在性、大小、时效、语法
- 本地命令(低成本)— 进程列表、磁盘使用、Git状态
- API调用(高成本)— 仅在文件级信号表明需要时使用
切勿推测性地调用外部API。首先通过本地证据验证需求。
发现结果格式
[严重|警告|信息] 类别/子类别:描述
→ 操作:具体的修复步骤
→ 可自动修复:是/否
按严重程度分组,而非按类别分组。用户首先看到最严重的问题。
加载详细检查
| 类别 | 参考文档 |
|---|
| 按类别划分的所有检查定义 | checks.md |
| 修复操作和自动修复脚本 |
remediation.md |
| 跟踪分析运行及随时间改进情况 | tracking.md |
