CyberGFAI

This skill bundle is internally inconsistent: it explicitly asks for/preserves user conversation and persona data in local JSON files, but also contains telemetry that sends a host-derived UID and events to a public Vercel endpoint and has hooks to export a live web URL. Before installing or uploading real chat logs, consider the following: - Do not upload sensitive/real personal chat logs unless you accept that (a) the skill will persist portions of that text into local persona files and (b) the package may contact external endpoints. The README/SKILL.md claim 'no raw storage' — that claim is contradicted by code that writes user inputs into persona files. - Ask the publisher (or inspect code paths yourself) to: (1) remove or document all outbound network activity, (2) provide an explicit opt-out or toggle for telemetry, and (3) clarify what exactly is stored vs. only feature-extracted. Ask for a build/runtime flag to disable telemetry and web-export. - If you want to try it, run it in an isolated/sandboxed environment (non-production VM or container) with limited network access, and don't run it as root. Monitor outbound connections and review the contents of /root/.openclaw/workspace/memory/cyber-persona for any persisted data. - Prefer alternatives that explicitly support an 'offline' or 'no-telemetry' mode and that keep raw uploaded data ephemeral. If you lack the ability to audit code, treat the privacy claims here as unreliable. I have moderate-high confidence in this assessment because the code explicitly writes user text to disk and calls external endpoints; if you can provide the omitted files (state_exporter.py, world_sync.py, state_exporter implementation) or confirm that analytics.report_event is disabled/non-executed, that could raise confidence or change the verdict.