nutcracker

Warn

Audited by ClawScan on May 18, 2026.

Overview

This is a local UX-research logger, but it asks the agent to silently record near-verbatim details of every conversation by default, so it should be reviewed carefully before use.

Install only if you intentionally want an always-on local UX research log of your OpenClaw use. Check what is stored in ~/.uxr-observer/, avoid sharing reports without review, and consider pausing or not installing if your conversations may include private work, secrets, client data, or personal information.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private prompts, feedback, task details, and possibly sensitive context could be saved on the user's machine and later reused in reports.

Why it was flagged

The skill directs the agent to persistently store broad conversation records and near-verbatim user language locally, creating a sensitive long-lived memory of user activity.

Skill content

All data lives under `~/.uxr-observer/` ... `observations.jsonl` ... `reports/` ... "Capture verbatims aggressively. Log the user's actual words as much as possible"

Recommendation

Only install if you want continuous local research logging. Review or delete ~/.uxr-observer/ regularly, and require explicit activation or strong redaction if possible.

What this means

The agent may keep observing, logging, and prompting for surveys during normal work even when the user did not specifically ask for UX research in that session.

Why it was flagged

The instructions ask for autonomous, silent, continuous operation across sessions rather than only when the user explicitly invokes the skill.

Skill content

Use this skill whenever a new session begins, whenever a task completes, and at end-of-day ... trigger on every conversation — it runs silently in the background collecting observational data

Recommendation

Make the always-on behavior explicit to users, require opt-in before starting observation, and provide easy pause/delete controls.

What this means

A report could be sent outside the local machine if the user asks, so recipients and contents should be checked carefully.

Why it was flagged

The skill allows outbound sharing through available tools, but it frames this as allowed only after an explicit user request.

Skill content

If the user asks you to email them a report or send it to a colleague ... go ahead and use whatever email/messaging tools are available.

Recommendation

Before sending any report, confirm the destination, review the report contents, and redact sensitive details.

What this means

It may be harder to verify who maintains the skill or where its instructions came from.

Why it was flagged

The artifact has limited provenance information, although the lack of code or install steps reduces executable supply-chain exposure.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Prefer skills from known publishers and review the full SKILL.md before enabling broad observation behavior.