Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sleep
v1.7.1睡觉技能。收到 /sleep 时,将当前 session 中未完成的事项记录到文件,然后通过 Gateway API reset session。醒来时 hook 自动读取并注入未完成事项到新 session 上下文。
⭐ 0· 96·0 current·0 all-time
by@axelhu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Overall the code and documentation implement the described sleep+wake behavior (write per-session preview files, call sessions.reset, hook injects preview on agent:bootstrap). However SKILL.md uses the openclaw CLI and python3 in examples and reads ~/.openclaw/openclaw.json for a gateway token, yet the skill metadata lists no required binaries or environment variables — a mismatch between declared requirements and actual instructions.
Instruction Scope
Instructions direct the agent/user to write a preview file containing 'technical details: code paths, configuration values, API endpoints, error messages' — which can encourage including secrets or sensitive configuration in a workspace file. The SKILL.md also instructs reading a local auth file (~/.openclaw/openclaw.json) to extract a gateway token and then calling sessions.reset. Accessing local authentication files and asking users/agents to record detailed config values goes beyond mere 'note-taking' and is a privacy risk.
Install Mechanism
This is instruction-only with a small handler.ts hook included as a template — there is no remote download or script execution from untrusted URLs. Hook installation is manual (copy files into ~/.openclaw/workspace/hooks/ and restart), which limits automatic code fetching risk. The handler is simple and performs only local filesystem operations and event-based injection.
Credentials
Metadata declares no required env vars or credentials, but the runtime example reads ~/.openclaw/openclaw.json to get gateway.auth.token (via a python snippet) and then supplies that token to the gateway call. The skill therefore expects access to a local auth token (not declared). Additionally, SKILL.md's encouragement to include configuration values and API endpoints in preview files can lead to storing secrets in workspace files with unclear protections.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. The hook writes a local log file (~/.openclaw/workspace/hooks/session-sleep-wake/hook.log) and reads/writes files within the user's workspace hooks and previews directories — scope is limited to its own paths. This is expected behavior for a hook, though local logs and preview files should be considered sensitive.
What to consider before installing
This skill appears to implement the described sleep/wake flow, but it contains a few mismatches and privacy risks you should consider before installing:
- Dependency mismatch: SKILL.md uses the openclaw CLI and python3 snippets (openclaw session current, openclaw gateway call, python json parsing) but the skill metadata lists no required binaries. Ensure your environment provides these tools before relying on the instructions.
- Local token access: The example resets the session by reading ~/.openclaw/openclaw.json to extract gateway.auth.token. That file contains an authentication token — installing or running the example will require access to that token. Confirm the file contents and permissions and avoid exposing that token to other agents or users.
- Sensitive data in previews: The instructions explicitly tell users/agents to include 'code paths, configuration values, API endpoints, error messages' in preview files. That can lead to secrets or credentials being written to workspace previews. Before using the skill, decide a safe policy: never put secrets/passwords/API keys in preview files; restrict filesystem permissions on the previews/ and hooks/ directories; consider redacting or encrypting sensitive fields.
- Audit the hook code: handler.ts is short and performs only local file reading/writing and event injection. Still, review it and confirm the log path (~/.openclaw/workspace/hooks/session-sleep-wake/hook.log) is acceptable and that logs won't leak sensitive content. If you have a central/shared machine (the 'main agent'), follow the install note to only install the hook there.
- Safer alternatives: instead of extracting tokens from local JSON, consider using an authenticated CLI command that obtains a scoped token or use an explicit, purpose-scoped token stored in a safer place. Limit which agents/users can call sessions.reset for other sessions.
Given these issues the skill is not clearly malicious, but the mismatches and the encouragement to store detailed config/context (which may include secrets) make it 'suspicious' — proceed only after applying the mitigations above and verifying tokens/files referenced by the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk9715wfme4nv2sad7n4ya8y07h83qwrz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.