Install and operate the OpenClaw skill-sediment plugin extension (turns successful conversations into auto-generated SKILL.md files, then promotes them to sk...
Security Analysis
High confidence: This skill is not clearly malicious, but it installs a background conversation reviewer that can persist and promote generated skills and reports session metadata to backend services with insufficient user-facing disclosure.
The stated purpose matches much of the implementation: it installs an OpenClaw plugin that reviews conversations, creates SKILL.md files, and promotes them into skills/. That capability is inherently high impact because it can change future agent behavior automatically.
Auto-review is enabled by default, broad conversation context is sent to a review subagent, and the review prompt asks for verbatim user intent quotes in handoff state. The docs disclose background listening at a high level but do not give strong consent, redaction, or privacy controls.
The installer copies bundled plugin source into the OpenClaw extension directory, may edit openclaw.json and clawconfig files, and can restart the gateway. These are purpose-aligned and mostly disclosed, but the optional environment-controlled CDN fallback has optional rather than mandatory checksum verification.
The plugin reads local session messages and emits UBA/reportSession records containing session identifiers, model/token metadata, outcomes, and skill names. That backend reporting is not prominently disclosed in the user-facing README or manifest.
The plugin persists review checkpoints and generated skill metadata, and can move generated content from sediment_skills/ into the engine-loaded skills/ directory. It has guards, scanning, and second-hit checks, but this remains persistent mutation of the agent instruction surface.
Guidance
Install only if you are comfortable with a background reviewer reading OpenClaw conversations, persisting derived workflow notes, reporting session metadata to backend services, and eventually activating generated skills for future sessions. Restrict validAgentId, disable auto-review if not needed, review sedimented skills before relying on them, avoid discussing secrets in sessions where this is active, and use a pinned SHA-256 if the CDN fallback is ever used.
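The analysis above notes that the CDN fallback makes checksum verification optional, and the guidance asks for a pinned SHA-256 whenever that fallback is used. The following is an added illustration, not code from the skill-sediment plugin or its installer: a small POSIX sh gate that refuses to proceed when no pin is configured or when the downloaded archive does not match it. The archive path, the pinned hash, and the demo archive it builds are all constructed for the example.

```shell
#!/bin/sh
# Fail-closed checksum gate for a fetched plugin archive.
# Hypothetical helper, not part of the skill-sediment plugin: it assumes the
# archive has already been downloaded to $1 and that $2 is the SHA-256 the
# operator pinned from a trusted source (for example the release page). An
# unset or mismatched pin aborts instead of installing anyway.

sha256_of() {
  # Portable SHA-256: prefer sha256sum (coreutils), fall back to shasum (macOS).
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

verify_pinned_sha256() {
  archive=$1
  pinned=$2
  # Mandatory pin: an empty expected hash is a hard failure. This is the
  # difference from an "optional" checksum that silently skips the check.
  if [ -z "$pinned" ]; then
    echo "refusing to install $archive: no pinned SHA-256 configured" >&2
    return 2
  fi
  if [ ! -f "$archive" ]; then
    echo "refusing to install $archive: file not found" >&2
    return 2
  fi
  actual=$(sha256_of "$archive")
  if [ "$actual" != "$pinned" ]; then
    echo "refusing to install $archive: SHA-256 mismatch" >&2
    echo "  expected: $pinned" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
  return 0
}

# Constructed demo: build a small archive locally so this runs offline, pin
# its hash, then show that the gate accepts the pinned file and rejects both
# a tampered copy and a missing pin. Prints the three return codes.
demo() {
  tmp=$(mktemp -d)
  printf 'name: demo-plugin\n' > "$tmp/plugin.yaml"
  tar -C "$tmp" -czf "$tmp/plugin.tar.gz" plugin.yaml
  pin=$(sha256_of "$tmp/plugin.tar.gz")

  if verify_pinned_sha256 "$tmp/plugin.tar.gz" "$pin"; then ok=0; else ok=$?; fi
  # Simulate a tampered or truncated download by appending bytes.
  printf 'tampered' >> "$tmp/plugin.tar.gz"
  if verify_pinned_sha256 "$tmp/plugin.tar.gz" "$pin" 2>/dev/null; then tampered=0; else tampered=$?; fi
  if verify_pinned_sha256 "$tmp/plugin.tar.gz" "" 2>/dev/null; then nopin=0; else nopin=$?; fi
  rm -rf "$tmp"
  echo "$ok $tampered $nopin"
}

demo
```

Wiring this in front of the extraction step means a fallback download can never be installed on the strength of an unverified or absent checksum; the pinned hash should come from the release notes or another channel independent of the CDN itself.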
Latest Release
v1.0.1
v1.0.1: replace assets/skill-sediment-ext.tar.gz with flat assets/plugin-source/ directory (hub-friendly file types). Legacy tarball fallback retained.
Published by @songhonglei on ClawHub