User Context Scanner

The skill is a user-profile scanner and the code implements local scanning, evidence storage, confidence calculation and quiz generation; that matches the stated purpose. However documentation repeatedly claims "data only saved locally, not uploaded" while multiple configuration flags (publishPatternSignals, publishContradictionSignals, publishProfileUpdateSignals, publishQuizSignals, publishQuizSignals in config-loader) indicate the skill is designed to publish signals to an external 'proactive-engine' or other listeners. This discrepancy between 'local-only' claims and explicit publish flags is unexplained and concerning.

SKILL.md and examples only show running node scripts/scanner.js and processing signals, but the code scans ~/.openclaw/workspace/memory for all .md files and extracts personal data with regexes, then writes evidence and profile JSON under ~/.openclaw/workspace/.soul. That scanning can ingest arbitrary local content (potentially sensitive). The SKILL.md/collect-user-context.md emphasize privacy and local-only storage, yet the scanner code will process any files placed in the memory directory and the configuration allows publishing signals; SKILL.md also contained a pre-scan prompt-injection finding (unicode-control-chars) which may hide instructions — this expands runtime scope beyond the visible examples.

No install spec in registry metadata (instruction-only), but repository includes package.json with external npm dependencies (natural, commander, chalk, date-fns). Installing will require npm install; no suspicious remote download URLs were found. Risk is moderate because code runs on the user's machine and will write to the workspace when executed, but there is no evidence of an external download/exec during install.

The skill declares no required environment variables or credentials. It uses HOME to build local paths (e.g., ~/.openclaw/workspace) which is proportional to a local CLI scanner. No unrelated cloud credentials or system-level tokens are requested in the manifest.

The skill is not marked always:true (good). It stores persistent files and state under ~/.openclaw/workspace/.soul (user-profile.json, user-evidence.jsonl, scanner-state.json, scanner-config.json). That local persistence is reasonable for a profile manager, but combined with the 'publish*Signals' flags and the undisclosed implementation of scripts/utils/signal-manager.js (not included in the reviewed snippets) it raises the possibility of transmitting derived data or signals outside the machine. Autonomous invocation is allowed by default; together with persistent state and publish flags the blast radius is larger if signal-manager publishes externally.