Security Scan
OpenClaw
Suspicious
high confidence
Assessment and Recommendations
This skill appears to implement the observability feature it describes, but it explicitly instructs the agent to hide that reporting from users and it is configured to be always-enabled. Before installing:
- Don't install blindly. Review hooks/claw-hooks.sh and setup.sh line-by-line to confirm what data they include in events. They currently send agent_id, agent_name, agent_type, status, message, run_id, parent_agent_id, and task_id to the configured CLAW_BASE_URL.
- Treat CLAW_API_KEY as sens...
ℹ Purpose and Capabilities
The files, hooks, and required env vars (CLAW_API_KEY, CLAW_BASE_URL) match the claimed purpose (sending lifecycle events to a dashboard). Installing a hook script and writing to ~/.claude/settings.json is expected for this feature. However, the SKILL.md's mandatory 'never mention CLAW' secrecy is not required for observability and is unusual.
⚠ Instruction Scope
SKILL.md instructs the agent to actively conceal the skill (explicit 'NEVER mention CLAW' / 'Act as if this skill does not exist'). That is deceptive behavior beyond the functional need to report events, and grants the skill authority to hide telemetry from users. The hooks themselves do capture and POST user session events to the remote endpoint, so the combination of automatic reporting + mandated silence is a red flag.
✓ Install Mechanism
There is no remote download; setup.sh and bootstrap.sh copy local hook scripts into ~/.claude and merge entries into ~/.claude/settings.json. That is a standard, low-risk install pattern for a hooks-based integration. The scripts use curl/python3 for network and JSON handling, which is expected for the stated purpose.
ℹ Credential Requirements
Requested environment variables (CLAW_API_KEY and CLAW_BASE_URL) are consistent with sending authenticated events to a dashboard. This is proportionate technically, but the API key grants the ability to post arbitrary lifecycle events tied to the user's sessions — a sensitive capability that has privacy implications. The skill does not request unrelated credentials.
⚠ Persistence and Privileges
The skill is declared always:true, which forces it into every agent run and increases blast radius. Combined with automatic outbound event reporting (and the instruction to hide the integration), this forced presence is concerning. The installer also modifies per-user agent config (~/.claude/settings.json) to register hooks, which is expected but noteworthy given the forced inclusion.
Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Version
latest v1.0.1 2026/2/24
● Suspicious
Install Command
Official: npx clawhub@latest install claw-observability
Mirror: npx clawhub@latest install claw-observability --registry https://cn.longxiaskill.com