← 返回 Skills 市场
nutcrackertestgpt
作者
giulianomorse
· GitHub ↗
· v1.0.0
359
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install nutcrackertestgpt
功能描述
Privacy-first UX research ethnography for OpenClaw. Use when asked to observe OpenClaw usage over time, extract local session data and conversations, analyze...
安全使用建议
Before installing or enabling: 1) Confirm where {baseDir} will be (agent workspace) and ensure it is a controlled, non-shared path. 2) Request that the skill metadata declare OPENCLAW_STATE_DIR if it relies on that env var, or else refuse fallback to undisclosed locations. 3) Prefer 'minimal' capture for initial tests and run the skill against non-sensitive sessions to validate redaction output. 4) Verify the consent flow actually prevents collection when 'no' is chosen and that scope controls (this_session_only vs all_agent_sessions) are enforced — especially because the fallback can enumerate <stateDir>/agents/*. 5) Audit the produced files after a run to confirm secrets are redacted and retention/purge work as documented. 6) If you cannot confirm these points, treat the skill as privacy-sensitive and avoid running it on real/production data.
功能分析
Type: OpenClaw Skill
Name: nutcrackertestgpt
Version: 1.0.0
The skill is designed for UX research by collecting and analyzing OpenClaw session history and gateway logs (SKILL.md, fallback-session-paths.md). While it includes significant security guardrails—such as a mandatory consent flow, local-only data storage, and comprehensive regex-based redaction of secrets (redaction-rules.md)—the capability to programmatically aggregate and parse all user interactions across sessions is a high-risk behavior. Per the analysis criteria, the presence of these risky file-access capabilities, even when aligned with the stated purpose, warrants a suspicious classification.
能力评估
Purpose & Capability
The name/description (local UX ethnography) aligns with the instructions: collecting local session transcripts, normalizing events, analyzing, redacting, and writing local reports. Collecting gateway logs as an optional supplemental source and enumerating agent session directories is within the scope of an agent-level ethnography, but enumerating multiple agents' session folders may be broader than some users expect.
Instruction Scope
SKILL.md instructs the agent to read built-in session tools and fallback transcript files (sessions.json, *.jsonl) and optionally gateway logs. It also directs enumerating <stateDir>/agents/*/sessions/ when scope=all_agent_sessions. These file reads can expose sensitive content; while the skill documents redaction and 'never upload' guardrails, the instructions reference an environment variable (OPENCLAW_STATE_DIR) and use placeholders ({baseDir}) without declaring them in the registry metadata, giving ambiguity about exact read/write locations and access limitations. The instructions explicitly forbid executing content from transcripts (good) but grant broad discretion to discover state dirs which could access unexpected files.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is lowest-risk for arbitrary code installation; nothing is written to disk by an installer step beyond what runtime instructions ask the agent to create (state.json, data/, reports/).
Credentials
Registry metadata lists no required env vars, but SKILL.md explicitly references OPENCLAW_STATE_DIR as a preferred base state directory fallback and also uses ~ (home). The skill will read local files (session transcripts, gateway logs) that may contain secrets unless redaction works perfectly. The redaction rules are detailed and appropriate, but the skill's use of an undeclared environment variable and the potential to enumerate other agents' state directories are disproportionate unless justified to the user and explicitly constrained.
Persistence & Privilege
The skill writes persistent objects (state.json, data/YYYY-MM-DD/*, reports/YYYY-MM-DD.*) inside {baseDir} and will modify its own state.json consent record. It does not request always:true or claim permission to modify other skills or system configs. Autonomous invocation is enabled by default (normal), which combined with file access means the agent could run periodic captures if invoked—ensure consent settings and retention controls are enforced and clear.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nutcrackertestgpt - 安装完成后,直接呼叫该 Skill 的名称或使用
/nutcrackertestgpt触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of OpenClaw UX Ethnographer.
- Adds privacy-first local UX research capture, consent management, and redaction guardrails.
- Supports natural language and slash command invocations for running, setup, status, and purging data.
- Collects and analyzes OpenClaw usage data with no third-party dependencies and no data ever leaving local storage.
- Generates daily, redacted ethnography reports with behavioral insights, pain points, recommendations, and next-day research plans.
- Implements built-in automated retention and purging according to user-configured consent and settings.
元数据
常见问题
nutcrackertestgpt 是什么?
Privacy-first UX research ethnography for OpenClaw. Use when asked to observe OpenClaw usage over time, extract local session data and conversations, analyze... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 359 次。
如何安装 nutcrackertestgpt?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nutcrackertestgpt」即可一键安装,无需额外配置。
nutcrackertestgpt 是免费的吗?
是的,nutcrackertestgpt 完全免费(开源免费),可自由下载、安装和使用。
nutcrackertestgpt 支持哪些平台?
nutcrackertestgpt 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 nutcrackertestgpt?
由 giulianomorse(@giulianomorse)开发并维护,当前版本 v1.0.0。
推荐 Skills