ClawHub

MBTI Analyzer

v0.4.0

Analyze a user's MBTI from authorized OpenClaw memory, session history, and workspace notes. Use when the user asks for MBTI analysis, personality inference...

1· 54·0 current·0 all-time
by@kingofsoysauce
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and runtime requirements align: the skill analyzes historical conversations and workspace notes and therefore legitimately needs Python and local read access to workspace files and OpenClaw session/memory files. No unrelated credentials or unusual binaries are requested.
Instruction Scope
SKILL.md prescribes a clear pipeline (discover → ingest authorized sources → build evidence → infer → render) and explicitly requires explicit authorization before reading content. However the discovery and ingestion targets include OpenClaw session JSONL and memory sqlite files (~/.openclaw/*), which can contain sensitive conversation history or other private data. The skill promises to exclude .env and credentials/* by default, but you should verify discover_sources.py/ingest_all_content.py actually implement those exclusions and that quoting options are respected.
Install Mechanism
No install spec is provided (instruction-only), and provided code is local Python scripts. There are no remote downloads or archive extraction steps in the manifest. This is lower risk than an installer that fetches arbitrary code at runtime.
Credentials
The skill requests no environment variables or external credentials, which is proportionate. It does require read access to local OpenClaw state and workspace files (including main.sqlite and sessions), which is appropriate for the stated purpose but warrants privacy consideration because those files may carry sensitive content.
Persistence & Privilege
always is false and the skill is user-invocable. Model invocation is not disabled (normal). The skill does write output artifacts to a local reports directory when run; it does not declare or request permanent elevated privileges or to modify other skills' configurations.
Assessment
This skill appears coherent for generating MBTI reports from your local OpenClaw history and workspace notes, but it reads potentially sensitive local data. Before installing or running it: 1) Confirm and explicitly authorize only the source categories you want analyzed (do not allow broad access by default). 2) Review discover_sources.py and ingest_all_content.py to verify they actually honor the declared exclusions (.env, credentials/*, identity/*) and do not read paths you consider sensitive. 3) Search the included Python files for network/networking calls (requests, urllib, http, socket), subprocess usage, or hard-coded external endpoints; if present, inspect what data they send and to whom. 4) Prefer running the skill in an isolated environment or on a copy of your workspace if you need to be cautious. 5) Disable quoting in the pipeline if you do not want any text excerpts included in the report. If you want higher assurance, request a full code review of the omitted files (build_evidence_pool.py, infer_mbti.py, render_report.py, mbti_common.py, discover/ingest scripts) to confirm there is no unexpected data exfiltration or filesystem access beyond the stated sources.

Like a lobster shell, security has layers — review code before you run it.

latestvk9728s7pzg6cmq2d0eqw4gvnc58480m0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binspython3

Comments