📦 nutcracker — 用户行为洞察

v1.0.0

被动民族志观察与微调研结合，深度解析用户在 OpenClaw 的交互路径与痛点，为产品迭代提供实时、可落地的体验证据。

0· 342·1 当前·1 累计

by @giulianomorse

数据分析测试工具

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

high confidence

NULL

评估建议

Key concerns and next steps before installing or enabling: 1) Redaction mismatch (primary risk): The documentation promises PII redaction before any writes, but the logger only detects PII and records a pii_redacted field — it does not replace or remove sensitive strings from the saved verbatim text. Ask the author to (a) implement deterministic in-memory replacement of detected PII tokens with the documented replacement format before any file write, (b) include unit tests showing PII in sample...

详细分析 ▾

✓ 用途与能力

Name/description (embedded UX research) match the included scripts: setup, observation logger, and report generator that create local session logs, surveys, and reports. No unrelated binaries, services, or credentials are requested.

⚠ 指令范围

SKILL.md claims strict in-memory PII redaction prior to storage, transparent local-only behaviour, and user-controlled sharing. The code (scripts/log_observation.py and scripts/log_survey) runs detect_pii() and records a pii_redacted metadata field, but does not replace or redact verbatim text before writing JSONL files. That contradicts the SKILL.md promise to redact content before any write. SKILL.md also promises 'Delete my data' semantics, but there is no delete implementation among the scripts.

✓ 安装机制

Instruction-only plus small local Python scripts; no install spec, no downloads, and no external package retrieval. This has low install risk.

✓ 凭证需求

The skill requests no environment variables, no credentials, and uses only a per-user config file under the user's home directory. That is proportionate for local UX logging.

ℹ 持久化与权限

The skill stores data persistently under ~/.uxr-observer/ (sessions, supersummary, reports). It is not marked always:true and does not request elevated system privileges, but persistent local storage of verbatim user content (including PII if redaction is incomplete) increases sensitivity and blast radius if misused or accessed by other processes.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/3

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install ethnoai

镜像加速npx clawhub@latest install ethnoai --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库