← Back to Skills Marketplace
lz84

Multi User Privacy

by lz84 · GitHub ↗ · v0.9.2 · MIT-0
cross-platform ⚠ suspicious
340
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install multi-user-privacy
Description
Automatically identifies users, isolates memories, filters sensitive content, manages sessions and sub-agents, and enforces role-based privacy and quota cont...
Usage Guidance
This skill is feature-rich and mostly coherent with a 'multi-user privacy' purpose, but there are several red flags you should check before installing: - Review the code yourself (or have an engineer do it) before running any install/post-install scripts (auto-mount, auto-create-subagents, monitoring start scripts). Those scripts run on your machine and can create services, cron jobs, or write files under ~/.openclaw. - The 'cold-start' flow lets the first user who talks to a fresh instance designate the admin account. On a new deployment that could be any external user — consider disabling or changing this behavior before using in production. - The skill includes a web-admin server and monitoring/alert scripts. If you enable them, make sure they are bound to localhost or protected by authentication and firewall rules. Do not expose the admin UI publicly without auditing it. - The project references external integrations (GitHub publishing, 飞书/other alerts) but declares no required env vars. If you provide tokens/webhooks, audit where they are stored and ensure the code uses them only for intended actions. - Test in an isolated environment (VM/container) first. Verify that automatic subagent creation, pending-queue processing, and sessions_spawn interactions behave as expected and do not create unintended processes or network listeners. - If you plan to use it in a shared or production instance, require an explicit admin approval step for subagent creation and remove/modify the cold-start 'first-user becomes admin' flow. Bottom line: the skill is not obviously malicious, but it performs privileged, persistent, and networked operations; proceed only after code review and running inside a controlled/sandboxed environment.
Capability Analysis
Type: OpenClaw Skill Name: multi-user-privacy Version: 0.9.2 The bundle implements an extensive multi-user management system but utilizes highly intrusive and insecure methods. Key concerns include 'scripts/auto-inject.js', which monkey-patches the core Node.js 'fs' module to intercept all file read/write operations, and 'scripts/inject-hook.js', which automatically modifies the main application entry points (e.g., main.js) to insert global hooks. Additionally, 'web-admin/server.js' launches a web server on port 3456 that lacks any authentication mechanism, potentially allowing unauthorized network users to manage user quotas and sub-agents. While these features support the stated goal of privacy enforcement, the combination of intrusive system modifications and significant security vulnerabilities warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The codebase (privacy-guard, subagent integration, session persistence, web-admin, monitoring, quota manager) aligns with the stated multi-user privacy, isolation, and quota goals. However the project also includes web server components, monitoring/alert scripts, GitHub publish scripts and '飞书' alert mentions but declares no required env vars or credentials — a mismatch between claimed integrations and declared requirements. The presence of many system-level scripts (auto-mount, auto-create-subagents.sh, systemd/cron examples) is heavier than a minimal 'privacy guard' and should be expected only if you want full gateway/service-level integration.
Instruction Scope
SKILL.md and scripts instruct the agent / operator to read and write many local config and state files (~/.openclaw/workspace, .user-context.json, memory files, router-db, pending queue, quota DB) and to integrate directly into the Gateway message flow. It also prescribes automatic creation of subagents (pending queue → sessions_spawn), running scripts, restarting gateway, and starting a web admin on port 3456. Those instructions grant broad filesystem and runtime control and include a 'cold-start' flow that allows the first contact user to set the administrator identity — a significant trust boundary that could be abused on a fresh instance.
Install Mechanism
No install spec is registered in the metadata (instruction-only), so the package does not automatically download remote code during install. That reduces supply-chain risk from the registry metadata. However docs and release notes reference post-install scripts (node auto-mount.js) and a GitHub release; following those manual steps will execute local scripts from this package, so users should review them before running.
Credentials
The skill requests no environment variables or credentials in its registry metadata, yet the codebase and docs reference external integrations (GitHub publishing, 飞书 alerts, monitoring, web admin) that normally require tokens/webhooks. That mismatch is concerning because the code contains tooling that reads/writes local credential-bearing config files and can start network services without declaring needed secrets. Also the skill manipulates local agent config/state files (user context, memory, router DB), which is proportionate to its goals but means it will have access to potentially sensitive local data.
Persistence & Privilege
While the skill is not marked always:true, it installs components that intend to run persistently (web-admin server, monitoring, cron/systemd examples, scripts to process pending queues) and instructs integration with the Gateway message pipeline. The cold-start design (first user can set admin) and the automatic subagent creation (no manual approval) increase privilege and persistence risk on new deployments. Combined, these behaviors create a substantial runtime footprint that should be intentionally approved and sandboxed.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install multi-user-privacy
  3. After installation, invoke the skill by name or use /multi-user-privacy
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.9.2
- Initial release of v0.9.2 with 90 new files added. - Introduced session management, memory isolation, privacy guard, and quota logic. - Added scripts and documentation for multi-user privacy, subagent auto-creation, and configuration. - Included project plans, technical reports, and detailed setup guides. - Core features implemented: strict privacy checks, physical memory isolation per user, session routing, and quota enforcement. - Provided integration instructions for use with ClawHub/OpenClaw systems.
v0.9.1
**Big change: All documentation and config/example files have been removed from the package.** - Removed 88 files, including all markdown documentation, configuration samples, project planning, status, and test report files. - Core code and feature set remain unchanged. - Only essential functionality is preserved; all guides, READMEs, and auxiliary materials are now excluded from distribution.
v0.9.0
v0.9.0 introduces automatic sub-agent creation through the Gateway. - Gateway now detects new users on message receipt and auto-creates dedicated sub-agents. - Pending queue mechanism added for sub-agent assignment; messages routed automatically to the correct sub-agent. - New admin and user quota management system implemented, supporting auto-reset and usage logs. - Multiple privacy features improved: enhanced identity recognition, session/user memory isolation, real-time privacy checks, and permissions. - Configuration hot-reload supported; performance and cache optimizations applied. - Session management, quota control, and logging tools available via scripts.
Metadata
Slug multi-user-privacy
Version 0.9.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Multi User Privacy?

Automatically identifies users, isolates memories, filters sensitive content, manages sessions and sub-agents, and enforces role-based privacy and quota cont... It is an AI Agent Skill for Claude Code / OpenClaw, with 340 downloads so far.

How do I install Multi User Privacy?

Run "/install multi-user-privacy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Multi User Privacy free?

Yes, Multi User Privacy is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Multi User Privacy support?

Multi User Privacy is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Multi User Privacy?

It is built and maintained by lz84 (@lz84); the current version is v0.9.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments