Amber Hunter
Warn. Audited by ClawScan on May 18, 2026.
Overview
Amber Hunter appears purpose-aligned, but it deserves careful review because it can run in the background and silently store, reuse, and optionally sync sensitive local conversations and files.
Install only if you are comfortable with a long-term memory service watching OpenClaw sessions and recent files. Before enabling proactive capture or cloud sync, inspect the installer, disable unwanted autostart jobs, protect and rotate the local token, set review/exclusion/retention rules, and clarify the unexplained wallet/purchase/OAuth capability signals with the publisher.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive conversations, file context, mistakes, credentials pasted into chats, or personal details could be stored and later influence future agent behavior.
This shows persistent capture of private agent transcripts/files and later reuse as context for future agent responses, without clear bounds, exclusions, retention, or per-memory approval in the provided artifacts.
constantly watching your OpenClaw agent sessions... captures the conversation context, recent file changes... automatically writes significant moments... silently... Active Recall... inject them into context
Use only if you want long-term agent memory. Configure review/approval, path exclusions, retention, and inspect stored memories before enabling proactive recall or sync.
Memory capture may continue after the original task unless the user disables the background job.
The proactive component is designed to persist as a scheduled background process, continuing to inspect sessions outside a single explicit invocation.
Runs every 10 minutes via LaunchAgent (macOS) or cron/systemd (Linux).
Before installing, verify the autostart setup, know how to disable/remove it, and prefer manual or opt-in capture if you do not want ongoing background monitoring.
If the token leaks, another local process or allowed browser integration could potentially access, mutate, export, or sync the memory store.
The docs encourage putting the local API token in URLs for browser/localhost flows. URL tokens can be retained in browser history, logs, or referrers, and the token protects memory operations.
authentication uses a query parameter to bypass browser restrictions... curl "http://localhost:18998/freeze?token=YOUR_API_KEY" ... curl "http://localhost:18998/capsules?token=YOUR_API_KEY"
Prefer Authorization headers over query parameters, restrict CORS/origins, rotate tokens if exposed, and protect `~/.openclaw/token` and `~/.amber-hunter/config.json`.
An authorized caller can change or delete stored memories or export backups.
The local API can update, delete, and export the memory database. This is purpose-aligned administration, but it is high-impact if invoked unintentionally or with a leaked token.
`/capsules/{id}` | PATCH | Update capsule ... `/capsules/{id}` | DELETE | Delete capsule ... `/admin/export` | GET | Export backup
Keep the local token private, avoid exposing the localhost port, and confirm destructive/export actions before running automation against the API.
Running the setup may install packages and configure background jobs that are not represented in the registry install contract.
Although the registry says there is no install spec, the documentation includes user-directed installer, dependency, and autostart commands.
bash ~/.openclaw/skills/amber-hunter/install.sh ... pip install -r requirements.txt ... launchctl load ~/Library/LaunchAgents/com.huper.amber-proactive.plist
Read install.sh and requirements.txt before running them, and confirm any LaunchAgent/cron/systemd entry is intended.
If an agent treats this file as authoritative during unrelated tasks, it may run extra tools or commands not requested by the user.
The packaged AGENTS.md contains forceful developer-workflow instructions to use GitNexus tools and run npx commands. It appears scoped to repository maintenance, but it is not part of the memory engine’s user-facing purpose.
MUST run impact analysis before editing any symbol... run `gitnexus_impact`... If any GitNexus tool warns the index is stale, run `npx gitnexus analyze`
Do not treat AGENTS.md as runtime skill instruction; scope or remove developer-only instructions from the distributed skill package.
Local memories may be made available to a browser integration and, if sync is enabled, uploaded in encrypted form to the provider.
The skill intentionally bridges local memory, a browser frontend, and the huper.org cloud service. This is disclosed and purpose-aligned, but it is a sensitive data boundary.
Cloud Sync (optional) — Encrypts before uploading to your huper.org account ... The frontend at huper.org fetches from `localhost:18998` directly
Confirm cloud sync is off unless wanted, verify encryption/master-password setup, and understand what the browser integration can request from localhost.
