Event-Watcher

This skill appears to implement the advertised watcher functionality, but there are several important caveats you should consider before running it: - Undeclared env vars: The skill's metadata does not list environment variables it actually uses (e.g., REDIS_URL/REDIS_PASSWORD, OPENCLAW_SESSION_KEY, OPENCLAW_SESSION_STORE, and various EVENT_WATCHER_* paths). Treat this as a red flag — confirm what credentials you must provide and where. - Session store access: By default the watcher searches and reads ~/.openclaw and ~/.openclaw/agents/*/sessions/sessions.json to resolve sessions. That may expose session IDs and conversation context from other agents. If you don't want that, set wake.disable_session_store_lookup: true or supply an explicit wake.session_id / a controlled OPENCLAW_SESSION_STORE path. - Prompt injection & safety: The skill can prepend a safety header by default — keep that enabled unless you are sure all sources are trusted. Do not disable wake.add_source_preamble unless you fully control all webhook/stream payloads. - Run in an isolated environment: Because it will read local files and may be long-running, run the watcher under a dedicated user, container, or VM, and restrict filesystem access to only the paths you expect it to use. - Review and test: Inspect the scripts (already included) for any behavior you don't want, especially how it constructs subprocess calls to the openclaw CLI. Test with a non-production config and minimal privileges (no production Redis credentials) first. - If you proceed: explicitly set OPENCLAW_SESSION_STORE to a single, controlled session file (or use wake.session_id), provide only the Redis credentials needed for the specific stream, and keep logging/dead-letter paths in a directory you control. If you want, I can list the exact lines where the skill reads session files and environment variables and suggest a minimal configuration that limits its scope.