openclaw-insight
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s analytics purpose is clear, but it recommends installing an unreviewed remote tool that will read your local OpenClaw session history.
Review the GitHub installer and binary provenance before installing. If you proceed, consider pinning a specific version, limit the number of sessions or days analyzed, and treat generated reports as private because they may reflect your OpenClaw conversation history.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing it could run unreviewed code on your machine before you have confirmed what it does.
The recommended setup executes a mutable remote install script and installs a downloaded binary, while the reviewed package contains only instructions and no code or install spec to validate that behavior.
curl -fsSL https://raw.githubusercontent.com/linsheng9731/openclaw-insight/main/install.sh | bash ... Download the appropriate binary release
Inspect the installer and release artifacts first, prefer a pinned version with independently verifiable checksums, and avoid piping remote scripts directly to bash unless you trust the source.
The generated report may summarize or expose private details from your local AI assistant history.
The tool is documented as reading local OpenClaw session metadata and transcripts to generate reports; this is purpose-aligned, but those files may contain sensitive prompts, outputs, or workflow details.
~/.openclaw/ agents/{agentId}/ sessions/ sessions.json ... {sessionId}.jsonl # Per-session conversation transcriptsLimit the analysis window and agent scope when possible, review generated reports before sharing them, and only run the tool if you are comfortable with it processing your local session history.