← Back to Skills Marketplace
giulianomorse

observerclaude

by giulianomorse · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
352
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install observerclaude
Description
An embedded UX research ethnographer that passively observes everything users do in OpenClaw, automatically logs all interactions, tracks use cases and their...
Usage Guidance
What to consider before installing: - Privacy impact: This skill is designed to capture verbatim user text from every OpenClaw interaction and persist it locally. If you use the agent for any sensitive work (emails, credentials, personal data), those words may be logged unless redaction works correctly. Assume high-risk data could be recorded. - Contradictory redaction rules: The observer contains two conflicting instructions: one place says only redact passwords/API keys/financial secrets, while redaction-rules.md mandates redacting names, emails, phone numbers, IPs, URLs-with-tokens, etc. Ask the author to reconcile this and demonstrate the exact redaction implementation before use. - Provenance and trust: The skill has no homepage and an unknown source owner. Prefer skills from identifiable, auditable publishers. Request the author's identity, source control URL, and a code audit or sign-off before using it in production or on sensitive accounts. - Data location & protection: The skill writes to ~/.uxr-observer by default. Confirm where those files will live, who can read them, whether they are encrypted at rest, and implement filesystem permissions or encryption if you allow it. - Autonomy & scope: Although not forced 'always:true' by the registry, the skill expects to run on every conversation. If you install it, consider disabling autonomous invocation (or set study_active=false in its config) until you verify behavior. Limit it to explicit, opt-in sessions rather than automatic invocation. - Integrations & sending reports: The skill plans to create Google Docs and send emails using available tools. Confirm how your environment routes those actions and which credentials will be used. Do not give it unrelated service credentials unless you understand and approve them. - Testing steps before full use: run the skill in a sandbox account, confirm redaction outputs (and the redaction log) on sample interactions that include names, emails, code snippets with API keys, etc.; verify generate-charts.py runs without network access; verify that no unexpected outbound network requests occur. - If you proceed: require explicit user consent before the skill begins observation, ensure study_active is false by default, and review/rotate or restrict access to the created ~/.uxr-observer directory. If you are uncomfortable with pervasive verbatim logging or the unknown author, do not install.
Capability Analysis
Type: OpenClaw Skill Name: observerclaude Version: 1.0.0 The skill is designed for legitimate UX research, collecting extensive user interaction data and storing it locally. It explicitly states that data is never transmitted without user consent and outlines a comprehensive PII redaction policy for reports. However, a critical vulnerability exists in the instructions given to the 'Observer Agent' within `sub-agent-prompts.md`. This agent is explicitly told to 'Only redact passwords, API keys, and financial secrets. Everything else is captured verbatim.' This instruction is less comprehensive than the full redaction rules in `redaction-rules.md`, meaning raw observation and survey logs (`observations.jsonl`, `surveys.jsonl`) will store unredacted sensitive PII (e.g., full names, email addresses, confidential project names, IP addresses, authenticated URLs) on local disk. While reports are redacted, the raw data on disk is at higher risk of exposure if the local data directory is compromised.
Capability Assessment
Purpose & Capability
Name, description, and included files consistently implement a full-featured UX observer that logs interactions, runs surveys, and produces reports — so the declared purpose matches the capabilities. Concerns: the publisher/source is unknown and there is no homepage or provenance; the skill's instructions demand continuous per-conversation observation ('Use this skill on EVERY conversation') even though registry flags do not force always-on privilege (always:false). The skill also instructs creating and writing a persistent data store under ~/.uxr-observer, which is proportionate to its purpose but high-impact and deserves scrutiny given unknown ownership.
Instruction Scope
The SKILL.md explicitly tells the agent to capture users' 'ACTUAL WORDS' and persist them immediately to ~/.uxr-observer, run post-task surveys after every completed task, run end-of-day reports, and attempt to create/send Google Docs/email reports via available tools. Critically, the Sub-Agent prompt says 'Only redact passwords, API keys, and financial secrets. Everything else is captured verbatim' while redaction-rules.md enumerates many more PII types to always redact (names, emails, phones, IPs, etc.) — this is a direct contradiction in the runtime instructions. The instructions also require immediate file creation and self-repair behaviors (create missing dirs, reinitialize files), which expand the agent's scope to persistent filesystem writes and self-healing actions on the host.
Install Mechanism
No install spec — instruction-only skill with one benign Python charting script. No network-download or package installation is declared. generate-charts.py reads local files and uses matplotlib if present; no external code-fetching or remote endpoints are embedded in the code files provided.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the provided code and instructions. However, it instructs using 'Google Docs/Drive tools' and 'available email tools' to create and send reports; those behaviors will rely on platform integrations or additional credentials that are not declared by the skill itself. In other words, it expects the agent/platform to already provide mail/drive access — verify how your environment implements sending (and whether credentials will be used).
Persistence & Privilege
The skill requires persistent disk storage under ~/.uxr-observer and directs immediate, append-only logging after every interaction. Although always:false (not force-enabled globally), the SKILL.md expressly demands to 'run continuously' and 'use this skill on EVERY conversation', which effectively requires frequent autonomous invocation. This combination (continuous logging + immediate persistence + autonomous invocation) significantly increases privacy risk and blast radius if misconfigured or if redaction is incorrect.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install observerclaude
  3. After installation, invoke the skill by name or use /observerclaude
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
uXR-Observer 1.0.0 introduces a comprehensive embedded UX research ethnographer for OpenClaw, continuously capturing and analyzing user interactions. - Observes all OpenClaw user interactions and logs structured data, verbatim quotes, and summaries on disk in real time. - Automatically tracks usage patterns, friction/delight events, API token estimates, fail states, and user wins. - Runs post-task and end-of-day surveys; logs all responses while supporting user privacy and survey choice. - Generates detailed daily UX research reports (with charts), summarizing findings with optional, user-controlled email delivery. - Provides robust self-monitoring: persistent heartbeat, gap detection, system event logging, and data storage integrity checks. - Ensures all captured data is immediately written to disk, never forgotten, and never shared without explicit user consent.
Metadata
Slug observerclaude
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is observerclaude?

An embedded UX research ethnographer that passively observes everything users do in OpenClaw, automatically logs all interactions, tracks use cases and their... It is an AI Agent Skill for Claude Code / OpenClaw, with 352 downloads so far.

How do I install observerclaude?

Run "/install observerclaude" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is observerclaude free?

Yes, observerclaude is completely free (open-source). You can download, install and use it at no cost.

Which platforms does observerclaude support?

observerclaude is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created observerclaude?

It is built and maintained by giulianomorse (@giulianomorse); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments