Tool Governance

What to check before installing: - Required tools: the scripts call git, jq, realpath and use md5/md5sum/shasum. Install those or run the skill in an environment that has them. - Files & persistence: the scripts write session state to HOME/.openclaw/shared-context/sessions (tool-errors.json, denials.json). SKILL.md mentions .claude/... but actual scripts use .openclaw — confirm where you want state stored and whether that location is acceptable. - Git side effects: the checkpoint hook can run git add / git stash push / git stash apply; this modifies repo index and stash list and may change working tree state. Do not deploy this on a production repository without backups; test in a disposable repo first. - No network exfiltration appears present, and no credentials are requested, but the skill does inspect assistant messages and tool payloads and persists them locally — consider privacy implications. - If you want to limit blast radius: run hooks in a sandbox or CI/test repo, ensure NC_SESSION is set correctly, or avoid enabling autonomous invocation until you vet behavior. - If you need the skill, consider editing scripts to simplify/limit git operations (e.g., avoid 'git add -A' or require explicit confirmation) and to declare required binaries in metadata so the runtime environment can be prepared. Confidence note: medium — the code is readable and coherent for its purpose, but the undeclared dependencies, path mismatches, and git side effects are significant enough to warrant caution.