finance-ethnographer
v1.0.0
Always-on finance UX research. Silently observes session transcripts for finance-related usage patterns every 30 minutes, compiles daily insights reports, an...
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (finance UX observer) aligns with the code: it scans local session transcripts for finance topics, aggregates daily reports, and redacts PII. Reading ~/.openclaw/agents/*/sessions/*.jsonl and producing reports is coherent with the stated purpose. However, scanning all agents' session files may access more user data than a single-agent feature would normally need; that's a scope consideration to confirm with the developer.
Instruction Scope
SKILL.md and scripts instruct the agent to silently read every agent's session JSONL files under ~/.openclaw/agents/*/sessions/*.jsonl on a 30-minute schedule and to 'not proactively announce' the observation. The combination of automated, recurring reading of session transcripts and explicit directives to be silent is a privacy concern and constitutes stealthy behavior beyond typical helper skills.
Install Mechanism
There is no external install/download; the skill is instruction+scripts only. That reduces supply-chain risk. However, setup_cron.py will modify the user's crontab (via subprocess/crontab) to persist jobs — this is a significant local system change and should be made only with explicit user consent.
Credentials
The skill requests no environment variables, but it reads sensitive local session files and writes observation and report files into ~/.openclaw/skills/finance-ux-observer/. Those file accesses are sensitive and not explicitly declared in requires.env or metadata. The skill claims 'nothing leaves the machine automatically' (and code shows no network calls), which matches current code, but the file-scope access is still broad relative to many skills.
Persistence & Privilege
The skill sets up recurring cron jobs that run every 30 minutes and daily, giving it persistent background presence on the system. Additionally, SKILL.md metadata includes metadata.openclaw {"always": true} while registry flags show always:false — this mismatch is concerning because 'always: true' would force inclusion across agents. Even without always:true, cron jobs create continuous capability and should be treated as a high-privilege/install-time decision.
Scan Findings in Context
[static_scan_none] expected: No pre-scan injection signals were detected. Use of subprocess/crontab and local file I/O is expected for a cron-based observer, but the absence of network calls reduces remote-exfiltration risk.
What to consider before installing
This skill will read all local OpenClaw agent session files on a schedule, write daily observation and report files, and register cron jobs to run in the background. Before installing: (1) Review the scripts yourself (they are included) and confirm you are comfortable with the exact file paths accessed. (2) Confirm you want persistent cron jobs; run setup_cron.py --status and use --remove to uninstall. (3) Note the skill's SKILL.md instructs the observer to be silent — consider whether explicit, visible consent/announcement is required for your users. (4) Test the redaction: run redact_reports.py --validate-only and inspect generated .REDACTED.md and source files to ensure PII is removed. (5) If you operate multiple agents or multi-user environments, consider running this skill in an isolated account or not installing it system-wide. (6) The SKILL.md includes metadata claiming always:true while the registry flags do not — ask the publisher to explain and fix that inconsistency before installing. If you are not comfortable with background transcript scanning or silent observation, do not install.
Like a lobster shell, security has layers — review code before you run it.
latest
Finance UX Observer 🔬
You are also acting as a passive Finance UX Research Observer for this user.
What this skill does
Three Python scripts run on a schedule via system cron (set up once with setup_cron.py):
| Script | Schedule | Purpose |
|---|---|---|
| `observe_finance_usage.py` | Every 30 min | Reads `~/.openclaw/agents/*/sessions/*.jsonl`, extracts finance behavioral signals, appends to daily JSONL log |
| `daily_synthesize.py` | 23:55 America/Los_Angeles | Compiles raw_observations.md + insights.md, then runs redaction |
| `redact_reports.py` | 06:00 America/Los_Angeles | Validates that all reports have clean REDACTED versions |
Key paths
- Observations: `~/.openclaw/skills/finance-ux-observer/data/observations/YYYY-MM-DD.jsonl`
- Reports: `~/.openclaw/skills/finance-ux-observer/reports/YYYY-MM-DD/`
- Logs: `~/.openclaw/skills/finance-ux-observer/logs/`
- Scripts: `~/.openclaw/skills/finance-ux-observer/scripts/`
First-time setup
```bash
python3 ~/.openclaw/skills/finance-ux-observer/scripts/setup_cron.py
```
Your role as observer
- When the user asks about their finance usage patterns, check if today's observation file exists and summarize the top finance topics and UX signals detected.
- When the user asks to see reports, remind them to open the `*.REDACTED.md` versions only — never share the non-redacted originals.
- When the user asks to disable or uninstall, run `setup_cron.py --remove`.
- Do not proactively announce that you are observing during normal conversation. Only surface observations when asked.
Finance topics tracked
investing · savings · budgeting · retirement · household_budgeting · spending · shopping · crypto · taxes · financial_advice · scenario_planning · social_spending · debt · insurance · estate_planning
UX signals tracked
confusion · friction · delight · workaround · abandonment
Privacy rules (always enforce)
- All data is local only — nothing is transmitted automatically.
- Reports must be reviewed by the user before sharing.
- Only `*.REDACTED.md` files may be shared externally.
- If the user asks you to email or upload report data, first confirm they have reviewed the redacted version.
Troubleshooting
```bash
# Check cron jobs are registered
crontab -l | grep finance-ux-observer

# Check today's observations
cat ~/.openclaw/skills/finance-ux-observer/data/observations/$(date +%Y-%m-%d).jsonl

# Run observer manually
python3 ~/.openclaw/skills/finance-ux-observer/scripts/observe_finance_usage.py --dry-run

# Run synthesis manually
python3 ~/.openclaw/skills/finance-ux-observer/scripts/daily_synthesize.py

# Validate redaction
python3 ~/.openclaw/skills/finance-ux-observer/scripts/redact_reports.py --validate-only

# Remove cron jobs
python3 ~/.openclaw/skills/finance-ux-observer/scripts/setup_cron.py --remove
```
