ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rejection Logger

v1.1.0

Captures and logs choices, options, or prompts that the agent evaluated and decided NOT to execute. Use whenever you skip a task, reject an approach, or choo...

0· 366·0 current·0 all-time
by@balkanblbn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description describe logging rejected choices. SKILL.md and the included scripts/log_rejection.sh implement exactly that behavior (create .learnings directory and append a Markdown entry). There are no unrelated env vars, binaries, or network calls.
Instruction Scope
Instructions are narrowly scoped to creating/appending a local REJECTIONS.md file using the provided template. They do not request reading other files, calling external endpoints, or accessing unrelated credentials. Important caveat: the instructions explicitly ask the agent to record free-text 'Target' and 'Reason' fields — these entries can contain PII, secrets, or other sensitive content and will be persisted to disk and (if version-controlled) to remote repos.
Install Mechanism
No install spec; this is instruction-only with a small included bash script. The script is short, contains no downloads, and writes only to a local .learnings directory. Low install risk.
Credentials
The skill requests no environment variables or credentials and the script doesn't read env vars. However, persisting agent decisions to a file can leak secrets if those decisions include sensitive data. Consider access control, .gitignore, or encryption for the log file.
Persistence & Privilege
always:false and the skill does not modify other skills or global agent settings. It only writes to a workspace-local .learnings/REJECTIONS.md. Autonomous invocation is allowed by default (platform normal); if the agent is allowed to call skills autonomously it could generate many log entries — consider limiting use or requiring explicit user consent for logging.
Assessment
This skill is coherent and low-risk technically, but it persists free-text rejection reasoning to .learnings/REJECTIONS.md which can contain PII or secrets and may be committed to version control. Before installing: (1) inspect scripts/log_rejection.sh and keep it unchanged; (2) add .learnings/REJECTIONS.md to .gitignore or ensure repo policies prevent accidental commits; (3) restrict file permissions (e.g., chmod 600) or encrypt logs if needed; (4) avoid logging raw secrets or sensitive user data — sanitize inputs; (5) consider requiring explicit user confirmation before the agent logs a rejection or disabling autonomous invocation for this skill if you want tighter control.

Like a lobster shell, security has layers — review code before you run it.

latestvk970afktqqjfn7es8bxms9jp2d821fne

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments