ClawHub

Openweruh

v1.0.0

Proactive screen context processor. Triggered when screen.context payload arrives via webhook. Analyze the visual content, apply the configured persona mode,...

0· 75·0 current·0 all-time
by@fikriaf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (proactive screen context processor) align with the instructions: analyze incoming screen.context payloads and decide whether to notify the user. The skill declares no binaries, env vars, or installs — which is proportional for an instruction-only processor.
Instruction Scope
Instructions stay within the declared purpose (analyze images/text and optionally notify). Two ambiguous items: (1) the instructions reference reading a configuration file 'weruh.yaml' if available — the path and permissions are unspecified (this implies potential local file access), and (2) 'record the context for potential future daily summaries' and mention of a scheduled cron job imply storage of observations but do not specify where/how long or whether images/text are persisted or transmitted. These are implementation details to clarify before installation.
Install Mechanism
No install spec and no code files — instruction-only skill. Low install risk (nothing is downloaded or written by the skill itself).
Credentials
The skill requests no environment variables, credentials, or config paths. That matches the described capability. Note that operational use (webhook delivery of images and posting notifications) will require external wiring (webhook source and destination) not declared here; those integration credentials are not part of this skill and should be provisioned separately and carefully.
Persistence & Privilege
always:false and no explicit persistence requested in the skill. However, the docs mention summarizing observations at day-end via a scheduled job and referencing a local config ('weruh.yaml'), which suggests the system that implements the skill may store observations/config. Confirm where observations are stored, retention, and access controls before enabling.
Assessment
This skill appears coherent for its stated purpose but asks you to trust how screenshots/context will be handled in practice. Before installing, ask the provider/developer: (1) Where is weruh.yaml expected to live and what will the agent read from it? (2) Where are screen captures and derived observations stored (local path, DB, remote service)? Are they encrypted and how long retained? (3) Which channel(s) will notifications be sent to, and what credentials or webhooks does that integration require? (4) Is webhook traffic validated and authenticated to prevent spoofed events? (5) Request a privacy/security summary or source code (or a homepage) so you can inspect storage/telemetry behavior. If you cannot confirm safe storage and access controls for captured screen content (which can contain sensitive data), avoid enabling the skill or restrict it to test accounts with non-sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk970j08phexgnfspzfb0sw1bkh83csvj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

👁️ Clawdis

Comments