ClawHub

Pattern Analyst

v1.0.0

Analyze interactions to identify patterns in what Enzo shares, why he shares it, and how it connects to his goals. Use during heartbeats for periodic analysis, when Enzo asks about his patterns/interests, or when significant new content is shared that reveals a pattern.

0· 1.2k·4 current·4 all-time
by@enzoricciulli
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with the instructions: the skill analyzes interactions and stores pattern notes. However, the SKILL.md explicitly reads and writes workspace files (notes/patterns.md and USER.md) but the skill metadata declares no required config paths or file access — an omission that should be called out.
!
Instruction Scope
Instructions go beyond passive analysis: they require logging every relevant interaction to notes/patterns.md, periodic proactive reviews (heartbeats), and an automatic 'independent confirmation' flow that will tag patterns as [AUTO-CONFIRMED] after 3 repeats and immediately update USER.md. Auto-confirming and immediately updating the user's profile without explicit user approval is scope creep from 'observe and surface' to 'modify user state'.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so there is no install-time execution risk. That said, runtime file writes are still possible because the instructions tell the agent to modify workspace files.
Credentials
The skill requests no credentials or environment variables, which is appropriate. But it still requires read/write access to notes/patterns.md and USER.md (and expects those files to exist or be creatable) — this file access is not declared in metadata and can expose or alter stored personal data. No network exfiltration is requested in the instructions.
!
Persistence & Privilege
The skill is not flagged always:true, but it instructs autonomous behavior (periodic heartbeats) and automatic updates to USER.md when patterns are auto-confirmed. Modifying the user's profile/data automatically increases persistence and the potential blast radius if the skill behaves incorrectly. The metadata does not warn about this self-modifying behavior.
What to consider before installing
This skill does what it says — it tracks and surfaces patterns — but it also writes to and updates your workspace files (notes/patterns.md and USER.md), including an automatic 'auto-confirm' flow that will change your USER.md after seeing a pattern 3 times. Before installing: (1) ensure you have backups of USER.md and any notes files; (2) consider requiring explicit user confirmation before any changes to USER.md (update the SKILL.md or wrapper to remove auto-confirm); (3) limit or review autonomous heartbeats (disable or require manual invocation) so the agent doesn't modify your profile without your review; (4) confirm where notes/patterns.md will be stored and who/what has access to that path. These mitigations reduce risk; if you expect the skill to auto-update your profile, accept that behavior only after reviewing and testing it in a safe workspace.

Like a lobster shell, security has layers — review code before you run it.

latestvk9786ftk9rvf22pnsrhh1rbav180sm9d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments