pref0
Review
Audited by ClawScan on May 10, 2026.
Overview
pref0 is coherent for preference learning, but it should be reviewed because it sends full chat histories and stable user identifiers to an external service and then injects learned preferences into future system prompts.
Install only if you are comfortable with pref0 receiving and storing conversation-derived data. Use opaque IDs instead of emails or phone numbers where possible, avoid tracking sensitive chats, review/delete learned profiles regularly, and avoid blindly injecting the returned prompt into high-priority system instructions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future responses could be steered by learned or mislearned preferences that the user did not explicitly approve for the current task.
The skill instructs the agent to make provider-returned, history-derived text part of the system prompt, which can make stale or poisoned preferences more authoritative than ordinary context.
"Use the `prompt` field to inject into your system prompt directly"
Do not append the raw provider prompt directly; prefer structured preferences, review or filter them, and let explicit current-user instructions override stored preferences.
A mistaken, sensitive, or adversarially influenced preference may persist and shape later sessions.
The skill creates persistent cross-session memory from conversations, but the artifacts do not describe user review, allowlists, expiration, or safeguards against incorrect or poisoned preferences.
"Preferences compound over time. Corrections start at 0.70 confidence, implied preferences at 0.40. Each repeated signal adds +0.15, capped at 1.0."
Provide clear controls to view, approve, edit, age out, and delete learned preferences before they affect future prompts.
Private chat content and identifiers may be shared with and stored by pref0.
The documented workflow sends complete conversation content plus potentially identifying user IDs to an external provider, without documented minimization, redaction, retention, or consent boundaries.
"Use a stable user ID (email, account ID, phone number — whatever you have). ... Call `POST /v1/track` with the full message history"
Use opaque user IDs, avoid sending sensitive conversations, redact secrets and personal data, and confirm the provider's retention and deletion policies before enabling automatic tracking.
Anyone with the API key may be able to access or modify pref0 data allowed by that key.
The skill requires a pref0 API key; this is expected for the service, but it is still a credential that grants access to the user's pref0 account/API usage.
"Auth: `Authorization: Bearer $PREF0_API_KEY`"
Store the API key only in trusted environments, rotate it if exposed, and use the least-privileged key options available from the provider.
