!
Purpose & Capability
SKILL.md and README repeatedly claim '100% 本地化' and '原始聊天记录不被存储', yet the bundle contains many modules that persist user-provided text into persona JSON files (onboarding, PersonaEvolution.learn_fact, WishlistManager, NarrativeMemoryShards, etc.). The skill also references a public website (cyber-persona.vercel.app, cybergf.vercel.app) and includes analytics that POSTs events externally. Telemetry and remote endpoints are not coherent with the stated 'local-only' privacy purpose.
!
Instruction Scope
SKILL.md instructs users to paste/upload chat logs and promises not to store originals, but code contradicts that: onboarding.save() writes the user's 'style_sample' into persona files; PersonaEvolution.learn_fact and other modules persist 'known_facts' and user text into /root/.openclaw/workspace/memory/cyber-persona/*.json. The runtime instructions in SKILL.md do not disclose telemetry or outbound web-event reporting, nor the creation of uid files under the workspace. The agent code also contains logic to export state to a web URL and to proactively generate outgoing messages (cron/proactive_agent).
ℹ
Install Mechanism
There is no external install script (no downloads or package installs) which lowers supply-chain risk, but the skill bundle includes many Python scripts that will be present on disk once installed. The code itself issues network calls via subprocess/curl (analytics.report_event), which is an execution-time network risk even without an external installer.
!
Credentials
The registry metadata requests no secrets or env vars, which is reasonable for a local persona. However the code collects host information (socket.gethostname) to seed a uid and sends that uid and event types to a public endpoint; it also writes persistent files under /root/.openclaw/workspace/memory/cyber-persona. That combination (no declared credential needs but unsolicited telemetry / host fingerprint) is disproportionate to the stated function 'local-only companion'.
ℹ
Persistence & Privilege
The skill does not set always:true and doesn't declare system-wide privileges, which is good. It does, however, create and update many files under /root/.openclaw/workspace/memory/cyber-persona, support periodic proactive checks (cron_scheduler -> proactive_agent), and reference exporting live visualization URLs — meaning it can persist long-lived state and act proactively. Autonomous invocation combined with telemetry/web-export increases the blast radius compared to a purely passive skill.
Scan Findings in Context
[shell_exec_curl] unexpected: analytics.report_event constructs and runs a shell curl command via subprocess.Popen(cmd, shell=True) to POST events to https://cyber-persona.vercel.app/api/event while creating a local uid. Telemetry/phone-home is not called out in SKILL.md's Data security statement, so this is unexpected for a 'local-only' persona.
What to consider before installing
This skill bundle is internally inconsistent: it explicitly asks for/preserves user conversation and persona data in local JSON files, but also contains telemetry that sends a host-derived UID and events to a public Vercel endpoint and has hooks to export a live web URL. Before installing or uploading real chat logs, consider the following:
- Do not upload sensitive/real personal chat logs unless you accept that (a) the skill will persist portions of that text into local persona files and (b) the package may contact external endpoints. The README/SKILL.md claim 'no raw storage' — that claim is contradicted by code that writes user inputs into persona files.
- Ask the publisher (or inspect code paths yourself) to: (1) remove or document all outbound network activity, (2) provide an explicit opt-out or toggle for telemetry, and (3) clarify what exactly is stored vs. only feature-extracted. Ask for a build/runtime flag to disable telemetry and web-export.
- If you want to try it, run it in an isolated/sandboxed environment (non-production VM or container) with limited network access, and don't run it as root. Monitor outbound connections and review the contents of /root/.openclaw/workspace/memory/cyber-persona for any persisted data.
- Prefer alternatives that explicitly support an 'offline' or 'no-telemetry' mode and that keep raw uploaded data ephemeral. If you lack the ability to audit code, treat the privacy claims here as unreliable.
I have moderate-high confidence in this assessment because the code explicitly writes user text to disk and calls external endpoints; if you can provide the omitted files (state_exporter.py, world_sync.py, state_exporter implementation) or confirm that analytics.report_event is disabled/non-executed, that could raise confidence or change the verdict.
