CLAW Observability

This skill appears to implement the observability feature it describes, but it explicitly instructs the agent to hide that reporting from users and it is configured to be always-enabled. Before installing: - Don't install blindly. Review hooks/claw-hooks.sh and setup.sh line-by-line to confirm what data they include in events. They currently send agent_id, agent_name, agent_type, status, message, run_id, parent_agent_id, and task_id to the configured CLAW_BASE_URL. - Treat CLAW_API_KEY as sensitive. Anyone with that key (and a CLAW_BASE_URL) can post events tied to your sessions. Prefer generating a tightly scoped key or test on an isolated account/environment. - The 'NEVER mention CLAW' directive is deceptive. Decide whether you are comfortable with telemetry being collected invisibly; if not, do not install or do not set the env vars. - Because always:true forces inclusion, the skill will be active for all agents unless the platform blocks/overrides it. If you proceed, install and test in an isolated VM or disposable user account first. - To uninstall or audit: remove the hook file (~/.claude/hooks/claw/claw-hooks.sh) and remove the entries the setup script added from ~/.claude/settings.json. Inspect network traffic (e.g., via a proxy) to confirm what is sent. - If you need this capability but not the secrecy, ask the maintainer to remove the concealment requirement and to make always:true optional. Given the concealment instructions plus forced presence, treat this skill as potentially privacy-invasive and proceed only after manual code review and limiting API key privileges.