
      Safety Report

      get-to-know-you

      @zzzanezhou0829

      Dual-core efficiency improvement skill: (1) Actively collect user work background, preference habits through Socratic guided Q&A, automatically sync and upda...

      119 Downloads
      0 Installs
      67 Stars
      1 Version

      Security Analysis

      medium confidence
      Suspicious (0.08 risk)

      The skill's stated purpose (collect user preferences and update OpenClaw configs) matches the included code, but there are multiple mismatches and ambiguous behaviors—notably hard-coded filesystem writes to core config files, vague 'resident' collection instructions, and metadata that doesn't declare required config access—so you should review and limit its privileges before installing.

      Apr 2, 2026 · 3 files · 5 concerns

      Purpose & Capability: note

      The skill's name/description (collect user profile and sync to OpenClaw config files) aligns with the provided script: scripts/collector.py implements question-driven collection and appends updates to AGENTS.md, SOUL.md, MEMORY.md, USER.md, TOOLS.md. However, the implementation uses a hard-coded WORKSPACE_ROOT (/workspace/projects/workspace) rather than declaring required config paths in metadata, which is an unexpected design choice and could cause it to write outside the skill directory.

      Instruction Scope: concern

      SKILL.md instructs active/passive collection (including 'resident' passive recognition during daily conversations) and automatic syncing of collected info to core config files. That gives the agent broad discretion to monitor interactions and modify central config files. The auto-trigger-after-install claim in the instructions is inconsistent with registry flags (always:false) and is vague about what exactly will be auto-run or when explicit confirmation is required.

      Install Mechanism: note

      No install spec (instruction-only) and one included script file. Low install friction (no external downloads). But the presence of executable Python code means the skill can perform filesystem writes when run — review and audit the script before execution.

      Credentials: concern

      Metadata declares no required config paths or credentials, yet the script writes to multiple core OpenClaw configuration files at a hard-coded path. This is a mismatch: the skill will need filesystem write access to those locations but does not declare it. The script can modify agent behavior by appending to AGENTS.md, SOUL.md, MEMORY.md and USER.md, which is a higher privilege than the metadata implies.

      Persistence & Privilege: concern

      always:false (not force-installed) but disable-model-invocation:false (agent can invoke autonomously). Combined with SKILL.md's resident/passive collection design and the script's ability to update core configuration files, this gives a broad potential blast radius if the skill is allowed to run autonomously. The skill does not request persistent installation itself, but its described behavior implies ongoing monitoring and automated writes.

      Guidance

      Before installing:
      (1) Review scripts/collector.py line-by-line and confirm the target WORKSPACE_ROOT (/workspace/projects/workspace) is correct and safe for writes;
      (2) Back up your AGENTS.md, SOUL.md, MEMORY.md, USER.md, and TOOLS.md files so accidental or malicious edits can be reverted;
      (3) If you permit this skill, restrict its filesystem permissions or run it in a sandbox/container so it cannot modify unrelated files;
      (4) Clarify whether the skill will truly only record after explicit user confirmation (SKILL.md is vague about automatic passive recording);
      (5) Prefer changing the hard-coded path to a configurable, declared config path in metadata so consent is explicit.

      If you cannot audit or constrain the script, treat the skill as potentially risky and avoid granting it autonomous invocation or broad filesystem access.

      Latest Release

      v1.0.0

      v1.0.0 Initial Release
      - Dual core features launched:
        1. Personalized user portrait construction: supports dual modes of questionnaire centralized collection + daily fragmented collection, automatically syncs and updates OpenClaw configuration files, zero threshold to build exclusive AI assistant
        2. Task/optimization workflow standardization: enforces the 4-step process of "Requirement Alignment → Plan Output → User Confirmation → Execution", fundamentally eliminates invalid back-and-forth communication in negative feedback/skill optimization scenarios
      - Supports breakpoint resume: information collection process can be interrupted at any time, progress will be automatically restored next time
      - Built-in Chinese/English versions, adapted to users of different languages


      Published by @zzzanezhou0829 on ClawHub
