Ponddepth Levels
Review
Audited by ClawScan on May 18, 2026.
Overview
This overlay is mostly coherent, but it also creates persistent background jobs and ships under-disclosed code that can read local agent history or install other skills.
Review the scripts before installing. Only proceed if you are comfortable with UI files being copied into the OpenClaw install directory, recurring OpenClaw cron jobs being created, and local agent history being used for XP metrics. After uninstalling, manually check and remove PondDepth cron jobs, and be wary of the shipped skill-install queue and missing extension dependency.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may keep running scheduled tasks after the user thinks it has been removed.
The uninstall script only restores/removes UI assets. Since scripts/install.sh creates recurring OpenClaw cron jobs, the absence of cron cleanup means background tasks can continue after uninstall.
# 2) Remove PondDepth assets ... rm -f "$DIST/ponddepth-badge.js" ... rm -rf "$DIST/ponddepth-icons" ... echo "OK: removed PondDepth UI assets."
Add explicit removal of the PondDepth cron jobs during uninstall, and tell users how to verify with `openclaw cron list` and delete them.
Local conversation history or metadata may be read regularly to generate badge metrics, even though the output is only a local JSON summary.
The scheduled metrics task parses local OpenClaw session message logs and all-agent session metadata to compute XP, which is broader and more sensitive than the SKILL.md description makes clear.
SESS_DIR = Path("/Users/aibaobao/.openclaw/agents/main/sessions") ... payload = msg.get("message") ... run_json(["openclaw", "sessions", "--all-agents", "--json"])
Make session-log access opt-in, document exactly which paths and fields are read, avoid hard-coded personal paths, and provide a setting to disable history-based metrics.
If this helper is run by a cron, agent, or user, it could add new skills and expand the agent’s capabilities without a clear review step.
The package contains an unadvertised helper that can install arbitrary ClawHub skills from a local queue without an explicit per-install confirmation. It is not referenced by SKILL.md or the install flow, but it is shipped code with high-impact mutation capability if invoked.
Reads: memory/skill-install-queue.json ... Attempts: `clawhub install <name>` ... subprocess.run(["clawhub", "install", name], ...)
Remove this helper from the package unless it is part of the advertised feature, or require explicit user approval and a signed/allowlisted queue before installing any skill.
Installation may fail or may rely on unreviewed local extension code outside the submitted package.
The installer depends on a PondDepth extension directory and TypeScript file that are not included in the manifest, creating a provenance gap for code that the Control UI may use.
EXT_DIR="$WS/.openclaw/extensions/ponddepth" ... echo "ERROR: missing ponddepth plugin at $EXT_DIR" ... cp -f "$EXT_DIR/index.ts" "$WS/.openclaw/extensions/ponddepth/index.ts"
Ship the referenced extension files in the package, remove the dependency, or clearly document and verify the external extension source.
Your local Control UI may display or store your ClawHub login name/status.
The skill checks the existing ClawHub login identity and writes the logged-in user/status to a local UI asset, which is purpose-aligned for the install CTA but still touches account identity.
cp = subprocess.run(["clawhub", "whoami"], ...); out["loggedIn"] = True; out["user"] = ...; p.write_text(... "clawhub-status.json")
Keep this local, document the exact field written, and avoid storing tokens or sensitive account details.
