Smart Follow-ups

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill appears purpose-aligned for generating follow-up suggestions. The main things to notice are optional external API-key use and the sharing of recent conversation context with the configured AI provider.

This looks safe to install for its stated purpose if you are comfortable with the skill using recent chat context to generate suggestions. Prefer the default OpenClaw-native mode, keep autoTrigger off unless you want automatic suggestions, and only use the standalone CLI or external-provider API keys if you understand where your context and credentials will be sent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you run the standalone CLI or configure an external provider, your provider API key may be used for model requests and could incur costs.

Why it was flagged

The CLI can read provider API keys from the environment. This is sensitive credential handling, but the artifacts describe it as optional standalone/provider functionality.

Skill content
const apiKey = options.apiKey || process.env.OPENROUTER_API_KEY || process.env.ANTHROPIC_API_KEY;
Recommendation

Use the default OpenClaw-native mode unless you need the CLI; if using external providers, use scoped keys, avoid logging them, and rotate them if exposed.

What this means

Recent conversation content may be processed by OpenClaw's configured model provider, or by OpenRouter/Anthropic if you choose those modes.

Why it was flagged

The skill may send recent conversation context to the configured AI provider to generate suggestions. The documentation discloses this and says it is limited to recent exchanges.

Skill content
With OpenRouter: Your recent exchanges are sent to OpenRouter's API... With direct Anthropic: Your recent exchanges are sent to Anthropic's API.
Recommendation

Avoid using external-provider modes for highly sensitive chats unless you are comfortable with that provider's privacy policy.

What this means

Enabling auto-trigger could increase model calls, cost, and the amount of conversation context processed for follow-up generation.

Why it was flagged

Deployment documentation shows auto-triggering is configurable and recommends starting with it disabled. If enabled, the skill may generate follow-ups automatically after responses.

Skill content
"autoTrigger": false
Recommendation

Keep autoTrigger disabled unless you explicitly want suggestions after every AI response.

What this means

Users have less external information to verify the package origin or maintainer history.

Why it was flagged

The package provenance is not strongly documented in the registry metadata. This is not evidence of malicious behavior, but it limits independent verification.

Skill content
Source: unknown; Homepage: none
Recommendation

Install from a trusted ClawHub listing and review the package contents, especially runnable JavaScript files, before enabling optional provider or CLI features.