ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

pref0

v1.0.1

Learn user preferences from conversations and personalize responses automatically. Preferences compound over time — corrections like "use TypeScript, not JavaScript" are captured and injected into future sessions.

0· 1.5k·0 current·1 all-time
by@fliellerjulian

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fliellerjulian/pref0.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "pref0" (fliellerjulian/pref0) from ClawHub.
Skill page: https://clawhub.ai/fliellerjulian/pref0
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: PREF0_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pref0

ClawHub CLI

Package manager switcher

npx clawhub@latest install pref0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (preference learning) align with the declared requirement (PREF0_API_KEY) and the API endpoints in SKILL.md. Sending conversations to https://api.pref0.com and fetching a stored profile is coherent with the stated purpose.
Instruction Scope
Runtime instructions explicitly tell the agent to POST full message histories and to append the service-provided 'prompt' directly into the system prompt. That behavior is expected for a preference service but raises privacy and prompt-injection concerns (the skill will transmit user messages and accept external prompt text that the agent is asked to use verbatim).
Install Mechanism
No install spec or code files — the skill is instruction-only. Nothing is downloaded or written to disk by the skill bundle itself.
Credentials
Only a single credential (PREF0_API_KEY) is required, which is proportionate for a hosted API. There are no unrelated env vars or config paths requested. Note: the API key grants the external service access to posted conversations, so it should be treated as sensitive.
Persistence & Privilege
The skill is not always:true, does not request system-wide changes, and is user-invocable. It does permit autonomous invocation by default (disable-model-invocation is false) which is normal for skills but increases the importance of vetting the external service.
Assessment
This skill is internally coherent but you must trust the external service. Before installing: 1) Confirm the vendor (there's no homepage listed) and review their privacy/retention policy — you're sending conversation text and possibly PII. 2) Limit what you send: avoid including secrets, credentials, or sensitive documents in tracked conversations. 3) Prefer using the structured 'preferences' array rather than blindly appending the returned 'prompt' into your system prompt; validate or sanitize that text to reduce prompt-injection risk. 4) Use ?minConfidence to only apply high-confidence preferences. 5) Have a process to rotate/revoke PREF0_API_KEY and to test DELETE /v1/profiles/<userId> to satisfy data-deletion requests. 6) Monitor usage/cost and logs for unexpected activity. If you cannot verify the vendor or their data-handling practices, treat this as higher-risk and consider not installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvPREF0_API_KEY
Primary envPREF0_API_KEY
latestvk97chfthsy7c25c5xfgsv4q9fh80tdf2
1.5kdownloads
0stars
2versions
Updated 14h ago
v1.0.1
MIT-0
@fliellerjulian
latest
Download

pref0 — Preference Learning for AI Agents

You have access to the pref0 API. It learns user preferences from conversations and serves them back at inference time. The more conversations you track, the better it gets.

When to use this skill

After a conversation ends → Track it

After finishing a conversation (or at natural breakpoints), send the messages to pref0 so it can extract preferences. This is especially valuable when the user corrects you (e.g., "use pnpm, not npm") or states explicit preferences (e.g., "always use metric units").

Before responding to a user → Fetch their preferences

Before generating a response, fetch the user's learned preferences and follow them. This prevents the user from having to repeat themselves across sessions.

API Reference

Base URL: https://api.pref0.com Auth: Authorization: Bearer $PREF0_API_KEY

Track a conversation (POST /v1/track)

Send a conversation so pref0 can learn from it. It extracts corrections, explicit preferences, and behavioral patterns automatically.

curl -X POST https://api.pref0.com/v1/track \
  -H "Authorization: Bearer $PREF0_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "<user-id>",
    "messages": [
      { "role": "user", "content": "Help me set up a new project" },
      { "role": "assistant", "content": "Here is a project using npm and JavaScript..." },
      { "role": "user", "content": "Use pnpm, not npm. And TypeScript." },
      { "role": "assistant", "content": "Updated to pnpm and TypeScript..." }
    ]
  }'

Response:

{
  "messagesAnalyzed": 4,
  "preferences": { "created": 2, "reinforced": 0, "decreased": 0, "removed": 0 },
  "patterns": { "created": 1, "reinforced": 0 }
}

The response tells you how many messages were processed (messagesAnalyzed) and exactly what changed: created (new preference learned), reinforced (existing preference seen again, confidence increased), decreased (user retracted, confidence lowered), removed (fully retracted and deleted).

Get learned preferences (GET /v1/profiles/:userId)

Retrieve the user's learned preference profile. Use ?minConfidence=0.5 to only get well-learned preferences suitable for system prompt injection.

curl https://api.pref0.com/v1/profiles/<user-id>?minConfidence=0.5 \
  -H "Authorization: Bearer $PREF0_API_KEY"

Response:

{
  "userId": "user_abc123",
  "preferences": [
    {
      "key": "language",
      "value": "typescript",
      "confidence": 0.85,
      "evidence": "User said: Use TypeScript, not JavaScript",
      "firstSeen": "2026-01-15T10:00:00.000Z",
      "lastSeen": "2026-02-05T14:30:00.000Z"
    },
    {
      "key": "package_manager",
      "value": "pnpm",
      "confidence": 0.85,
      "evidence": "User said: use pnpm instead of npm",
      "firstSeen": "2026-01-15T10:00:00.000Z",
      "lastSeen": "2026-02-03T09:15:00.000Z"
    },
    {
      "key": "css_framework",
      "value": "tailwind",
      "confidence": 0.70,
      "evidence": "User said: Use Tailwind, not Bootstrap",
      "firstSeen": "2026-01-20T16:45:00.000Z",
      "lastSeen": "2026-01-20T16:45:00.000Z"
    }
  ],
  "patterns": [
    { "pattern": "prefers explicit tooling choices over defaults", "confidence": 0.60 }
  ],
  "prompt": "The following preferences have been learned from this user's previous conversations. Follow them unless explicitly told otherwise:\n- language: typescript\n- package_manager: pnpm\n- css_framework: tailwind\n\nBehavioral patterns observed:\n- prefers explicit tooling choices over defaults"
}

Each preference includes evidence (the quote that triggered extraction), firstSeen (when first learned), and lastSeen (when last reinforced). The prompt field is a ready-to-use string you can append directly to your system prompt.

Delete a user profile (DELETE /v1/profiles/:userId)

Reset a user's learned preferences. Use for preference resets or data deletion requests.

curl -X DELETE https://api.pref0.com/v1/profiles/<user-id> \
  -H "Authorization: Bearer $PREF0_API_KEY"

Returns 204 No Content.

How to integrate into your workflow

  1. Identify the user. Use a stable user ID (email, account ID, phone number — whatever you have).

  2. At the start of a session, fetch preferences:

    • Call GET /v1/profiles/{userId}?minConfidence=0.5
    • Use the prompt field to inject into your system prompt directly, or use the structured preferences array for more control.

  3. At the end of a session, track the conversation:

    • Call POST /v1/track with the full message history
    • pref0 handles extraction and confidence scoring automatically

  4. Preferences compound over time. Corrections start at 0.70 confidence, implied preferences at 0.40. Each repeated signal adds +0.15, capped at 1.0.

Confidence guide

Signal typeStarting confidenceExample
Explicit correction0.70"Use Tailwind, not Bootstrap"
Implied preference0.40"Deploy it to Vercel"
Behavioral pattern0.30User consistently wants short replies
Each repeat+0.15Same preference across sessions

Setup

  1. Sign up at pref0.com
  2. Create an API key in the dashboard
  3. Set the PREF0_API_KEY environment variable
  4. First 100 requests/month are free, then $5 per 1,000 requests

Comments

Loading comments...