Mediator

Intercept and filter communications from difficult contacts. Strips emotion, extracts facts, drafts neutral responses. Use when setting up communication filtering for specific contacts, configuring the mediator, or processing intercepted messages. Triggers on "mediator", "intercept messages", "filter communications", "difficult contact", or requests to handle messages from someone the user doesn't want to deal with directly.

This package mostly does what it says (monitor local mail/iMessage, summarize via an LLM, and log results), but several red flags deserve attention before you run it: - Hard-coded defaults: The init template includes specific Gmail addresses. Remove or replace these immediately—don't leave someone else's addresses in your config. - External dependencies: The code calls an external script (~/clawd/scripts/gog-read.sh), the imsg CLI, and an 'llm' CLI. Inspect or replace those tools before use. The skill will only be as safe as those dependencies. - Data leakage to LLMs: summarize.py invokes an 'llm' CLI which will forward message content to whatever model/backend your local CLI is configured to use. If you care about confidentiality, verify the llm CLI configuration (where API keys point, provider privacy), or modify the code to use an on-device model or to avoid sending full messages. - Automatic installs: The scripts will pip-install PyYAML at runtime if missing. If you prefer controlled installs, install dependencies yourself first. - Auto-respond risks: The configuration supports an 'auto' respond mode but the code doesn't implement sending responses; enabling auto-response in any integrated system without reviewing behavior would be dangerous. Prefer 'draft' mode and manual review. - Inspect and sandbox: Before running, read the external gog-read.sh and any 'imsg' or 'llm' CLI you have installed. Run the skill in a limited/sandboxed environment or on a test account to confirm behavior. Consider removing or redacting any example accounts in the init template. If you want to proceed, verify the external CLIs and where the LLM sends data, remove the hard-coded accounts, and test with non-sensitive data first.

Type: OpenClaw Skill Name: mediator Version: 1.0.0 The skill is classified as suspicious due to its heavy reliance on external, unverified CLI tools (`gog-read.sh`, `imsg`, `llm`) for core functionality, as seen in `scripts/process-email.py`, `scripts/process-imessage.py`, and `scripts/summarize.py`. While `subprocess.run` with a list of arguments mitigates direct shell injection at the point of invocation, the internal handling of user-controlled input (like sender email or phone number) by these external tools is unknown and could introduce command injection vulnerabilities. Additionally, the use of `os.system` for `pyyaml` dependency installation in `scripts/config-helper.py`, `scripts/process-email.py`, and `scripts/process-imessage.py` is a general security anti-pattern, even if the specific arguments are hardcoded. There is no clear evidence of intentional malicious behavior like data exfiltration to arbitrary external endpoints or backdoor installation, but the identified vulnerabilities and high-risk dependencies warrant a 'suspicious' classification.