ClawHub

OpenClaw Hook Examples

v1.0.0

Provides example hooks for OpenClaw to intercept, modify, block tool calls, switch models, log actions, and handle subagent events.

0· 45·0 current·0 all-time
by@hanxiao-bot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the content: the SKILL.md contains example hook handlers for intercepting/modifying/blocking tool calls, switching models, logging, and handling subagent events. It does not request unrelated binaries, env vars, or installs.
Instruction Scope
The instructions stay within the expected runtime hook domain (event, ctx, session, tool, messages). They demonstrate blocking tools, validating exec commands, model switching, and logging. Minor inconsistencies: the doc headline says "Record all tool calls to a file" but the example uses console.log; it also says "Hooks are synchronous" while examples use async handlers. Also note: the examples log tool params and subagent results — if copied verbatim into a real plugin this could expose sensitive inputs/outputs to logs or external sinks.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. Example code references runtime context only (ctx, event) and a provider string (ollama) but does not require any keys in the skill metadata.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request permanent presence or modify other skills' configs. The default ability for autonomous invocation is set to false only in metadata? (normal platform default applies) — no extra privileges are requested.
Assessment
This file is a set of examples, not an active plugin: installing it as-is does nothing because there is no install or code to run. If you or a developer copy these examples into a real plugin, be aware: hooks can block or modify tool calls and may log parameters and results — avoid logging or exporting sensitive data, validate and sanitize inputs carefully, and confirm any model/provider strings (e.g., ollama) match your environment and credential posture. Also fix the minor inconsistencies (sync vs async, intended log destination) before using in production. If you plan to run a plugin built from these examples, review where logs go and which sessions are considered "elevated" to prevent accidental exposure or overly broad blocking behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk974spemaq2cte615a3zr29yhh841m7c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments