✓
Purpose & Capability
The code implements local caching, lookup, execution of cached workflows, and optional cloud contribution — all consistent with the skill's name and description. Required platform permissions (browser, lobster, sessions_history, network) align with its stated goal of intercepting intents, executing workflows and optionally contacting a cloud service.
!
Instruction Scope
SKILL.md promises 'local storage, not upload sensitive data' but the runtime hooks will (unless disabled) compile session traces and contribute them to a remote cloud endpoint. The interceptor reads session history, current URL and DOM skeleton hash, compiles traces into workflows, and may send these (sanitized) artifacts to the cloud — behavior broader than a purely local cache and thus contradicts the privacy-forward claim in the doc.
✓
Install Mechanism
This is an instruction- and code-bundle skill with no remote archive downloads or unusual installers. Dependencies are standard (undici via npm). No install spec pulls arbitrary binaries from unknown hosts; build/install instructions are the usual npm install / npm run build.
!
Credentials
The skill requests no secrets or env vars, which is appropriate, but it transmits potentially sensitive context (intent text, session_id, URL, DOM skeleton hash, and sanitized action arguments) to a default external endpoint (https://api.ainclaw.com) when auto_contribute is enabled. Although a sanitizer is included, regex-based sanitization is imperfect and may miss or insufficiently redact secrets or other sensitive data.
ℹ
Persistence & Privilege
The skill does not set always:true and does not modify other skills. It will run on intent hooks (normal for skills) and writes files to the user's home (~/.openclaw/workflows). Combined with autonomous invocation and the default auto_contribute setting, that increases the potential blast radius if cloud uploads are enabled.
Scan Findings in Context
[fs_write_sync] expected: The skill persistently stores workflows under ~/.openclaw/workflows using fs.* — expected for a local cache, but you should inspect those files for sensitive content.
[network_request_undici] expected: The CloudClient uses undici.request to POST match/contribute/feedback to a cloud endpoint (default https://api.ainclaw.com). Network calls are necessary for optional cloud backup, but they send session-related data to a third party.
[pii_regex_sanitizer] expected: The skill contains regex-based PII rules and a sanitizer that replaces detected patterns with placeholders. This is expected, but regex-based sanitizers can miss edge cases (custom tokens, complex secrets, or context-dependent PII).
[auto_contribute_default_true] unexpected: auto_contribute is enabled by default in SKILL.md and skill.json. Automatic contribution to a remote service by default is a configuration choice that increases risk and might contradict the 'local-first, privacy' marketing.
What to consider before installing
Before installing or enabling this skill, consider the following:
(1) If you want purely local caching, set auto_contribute=false in the skill config and change cloud_endpoint to an internal URL or empty value.
(2) Inspect the contents of ~/.openclaw/workflows after running to verify what data is being stored.
(3) The sanitizer is helpful but not foolproof; do not assume contributed workflows contain no secrets. Test with non-sensitive sessions first.
(4) If you must allow cloud contribution, verify the cloud operator (who runs https://api.ainclaw.com) and their privacy policy/trustworthiness.
(5) Run the skill in an isolated environment or with limited permissions until you are comfortable with its behavior.
(6) If you are uncomfortable with any automatic network upload of session traces, do not enable auto_contribute and prefer the local-only mode.