Sleep

睡觉技能。收到 /sleep 时，将当前 session 中未完成的事项记录到文件，然后通过 Gateway API reset session。醒来时 hook 自动读取并注入未完成事项到新 session 上下文。

This skill appears to implement the described sleep/wake flow, but it contains a few mismatches and privacy risks you should consider before installing: - Dependency mismatch: SKILL.md uses the openclaw CLI and python3 snippets (openclaw session current, openclaw gateway call, python json parsing) but the skill metadata lists no required binaries. Ensure your environment provides these tools before relying on the instructions. - Local token access: The example resets the session by reading ~/.openclaw/openclaw.json to extract gateway.auth.token. That file contains an authentication token — installing or running the example will require access to that token. Confirm the file contents and permissions and avoid exposing that token to other agents or users. - Sensitive data in previews: The instructions explicitly tell users/agents to include 'code paths, configuration values, API endpoints, error messages' in preview files. That can lead to secrets or credentials being written to workspace previews. Before using the skill, decide a safe policy: never put secrets/passwords/API keys in preview files; restrict filesystem permissions on the previews/ and hooks/ directories; consider redacting or encrypting sensitive fields. - Audit the hook code: handler.ts is short and performs only local file reading/writing and event injection. Still, review it and confirm the log path (~/.openclaw/workspace/hooks/session-sleep-wake/hook.log) is acceptable and that logs won't leak sensitive content. If you have a central/shared machine (the 'main agent'), follow the install note to only install the hook there. - Safer alternatives: instead of extracting tokens from local JSON, consider using an authenticated CLI command that obtains a scoped token or use an explicit, purpose-scoped token stored in a safer place. Limit which agents/users can call sessions.reset for other sessions. Given these issues the skill is not clearly malicious, but the mismatches and the encouragement to store detailed config/context (which may include secrets) make it 'suspicious' — proceed only after applying the mitigations above and verifying tokens/files referenced by the skill.

Type: OpenClaw Skill Name: openclaw-sleep Version: 1.7.1 The skill implements a session state preservation mechanism that requires the AI agent to read the user's local configuration file (~/.openclaw/openclaw.json) to extract a gateway authentication token. It then uses this token to programmatically reset the session via the 'openclaw gateway call' command. While these actions are aligned with the stated 'sleep' and 'wake' functionality, the practice of an AI agent programmatically accessing and utilizing its own platform credentials from disk is a high-risk pattern. The bundle also includes a TypeScript hook (handler.ts) that executes during the agent's bootstrap phase to inject data into the session context.