nutcracker
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: observer
Version: 1.0.0

The skill is designed for UX research and emphasizes local data storage and user control. It is nevertheless classified as 'suspicious' for two reasons. First, SKILL.md explicitly instructs the agent to 'Email my report to [person]'; although this is framed as user-initiated and consent-based, it is a network send capability that could be triggered through prompt injection if the agent's safeguards are insufficient. Second, the 'Capture aggressively' verbatim policy, even with its stated exceptions for sensitive content, relies on the agent correctly identifying and redacting sensitive information; if the agent fails to do so, private data is written to local storage.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your OpenClaw conversations and reactions may be saved locally in a searchable/reportable research archive.
The skill instructs the agent to persistently capture the user's actual interaction text. Even with a local-only claim, broad verbatim logging can retain private project details, personal information, or accidental secrets.
Every time you interact with OpenClaw, Clawsight silently records what happened:
- What you asked for (your actual words)
...
Use only if you want session-wide UX logging. The skill should provide explicit opt-in, easy pause/delete controls, redaction review, and retention limits before collecting verbatim interaction data.
The agent could keep observing and recording normal work unless the user understands and actively controls the study state.
The stated operating model is autonomous passive monitoring across sessions, not just user-invoked logging for a specific task.
It runs passively in the background during every OpenClaw session ... You don't do anything — Clawsight just watches and takes notes.
Require explicit activation for each study/session, make recording status visible, and ensure pause/stop commands are enforced before any logging occurs.
Once invoked, observations can be written to disk without a built-in code-level consent or redaction gate.
The logger appends any supplied observation or survey record to persistent local JSONL files. The provided code does not show enforcement of the advertised pause/delete controls or the config's study_active flag.
    # Excerpt from the skill's logger script, as quoted by the scan
    with open(file_path, 'a') as f:
        f.write(json.dumps(record) + '\n')

Make the logger read and honor config.json, refuse logging when disabled, implement redaction checks, and document deletion/retention behavior clearly.
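One way to build the controls this review asks for (the explicit opt-in and enforced pause/stop from the earlier findings, plus the config, redaction and retention checks in this one), written here as an added example that is not the observer skill's own code: a JSONL logger that fails closed when config.json is missing or unreadable, refuses to write while study_active is false or paused is true, redacts obvious secrets from string fields before they reach disk, and prunes records older than retention_days. The config field names (study_active, paused, retention_days), the secret patterns, and the sample observation text are assumptions constructed for this example; a real deployment would use the skill's actual config schema and a broader secret detector.

```python
import json
import re
import tempfile
import time
from pathlib import Path

# Assumed config.json shape (not the skill's own): fail closed, so logging is off by default.
DEFAULT_CONFIG = {"study_active": False, "paused": False, "retention_days": 30}

# Constructed patterns for obvious secrets; a production logger would use a fuller detector.
SECRET_PATTERNS = [
    (re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"), "[REDACTED_API_KEY]"),
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED_AWS_KEY]"),
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[REDACTED_EMAIL]"),
]


class LoggingDisabled(RuntimeError):
    """Raised when the study is inactive or paused; nothing touches disk."""


def load_config(config_path):
    """Read config.json; a missing or unparsable file counts as 'study inactive'."""
    try:
        with open(config_path) as f:
            cfg = json.load(f)
    except (OSError, ValueError):
        return dict(DEFAULT_CONFIG)
    return {**DEFAULT_CONFIG, **cfg}


def redact(text):
    """Replace every SECRET_PATTERNS match before the text is persisted."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def log_observation(record, file_path, config_path, now=None):
    """Append one record as JSONL only if the config allows it; string fields are redacted first."""
    cfg = load_config(config_path)
    if not cfg["study_active"] or cfg["paused"]:
        raise LoggingDisabled("study_active is false or paused is true; observation dropped")
    clean = {k: redact(v) if isinstance(v, str) else v for k, v in record.items()}
    clean["ts"] = now if now is not None else time.time()
    with open(file_path, "a") as f:
        f.write(json.dumps(clean) + "\n")
    return clean


def prune(file_path, config_path, now=None):
    """Rewrite the archive keeping only records younger than retention_days; return the count dropped."""
    cfg = load_config(config_path)
    cutoff = (now if now is not None else time.time()) - cfg["retention_days"] * 86400
    path = Path(file_path)
    if not path.exists():
        return 0
    kept, dropped = [], 0
    with open(path) as f:
        for line in f:
            if json.loads(line).get("ts", 0) >= cutoff:
                kept.append(line)
            else:
                dropped += 1
    with open(path, "w") as f:
        f.writelines(kept)
    return dropped


def demo():
    """Exercise the controls on constructed input in a temp dir and return what happened."""
    tmp = Path(tempfile.mkdtemp())
    cfg, archive = tmp / "config.json", tmp / "observations.jsonl"
    results = {}
    day = 86400
    # 1. No config yet: the logger must refuse rather than write.
    try:
        log_observation({"text": "hello"}, archive, cfg)
        results["no_config"] = "logged"
    except LoggingDisabled:
        results["no_config"] = "refused"
    # 2. Active study: the record is written, but the API key and e-mail must not reach disk.
    cfg.write_text(json.dumps({"study_active": True, "retention_days": 7}))
    rec = log_observation({"text": "use key sk-abcdefghijklmnopqrstuvwxyz12 for alice@example.com"},
                          archive, cfg, now=0)
    results["redacted_text"] = rec["text"]
    results["on_disk_has_secret"] = "sk-abcdefghij" in archive.read_text()
    # 3. Paused: refuse again even though the study is still active.
    cfg.write_text(json.dumps({"study_active": True, "paused": True, "retention_days": 7}))
    try:
        log_observation({"text": "should not be saved"}, archive, cfg)
        results["paused"] = "logged"
    except LoggingDisabled:
        results["paused"] = "refused"
    # 4. Retention: with a 7-day limit, the day-0 record is pruned on day 10 and the day-9 one kept.
    cfg.write_text(json.dumps({"study_active": True, "retention_days": 7}))
    log_observation({"text": "recent"}, archive, cfg, now=9 * day)
    results["pruned"] = prune(archive, cfg, now=10 * day)
    results["remaining"] = len(archive.read_text().splitlines())
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of failing closed in load_config is that a deleted or corrupted config.json cannot silently turn the archive back on; the agent has to re-enable study_active explicitly, which is the opt-in the findings above ask for.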
Users have less external provenance information to verify who maintains the skill or how updates should be reviewed.
The skill includes executable Python helper scripts but has no source repository or install specification in the supplied metadata. The visible scripts are simple and local-only, so this is a provenance note rather than evidence of malicious behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included scripts before use and prefer versions with a declared source repository, documented install steps, and clear capability metadata.
