← 返回 Skills 市场
giulianomorse

nutcracker

作者 giulianomorse · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
369
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install observer
功能描述
Embedded UX research skill that passively observes interactions, administers post-task and end-of-day surveys, captures verbatim quotes, detects friction and...
安全使用建议
This skill has privacy-focused goals but contains important mismatches between its documentation and its code. Before installing or enabling it, consider these steps: - Confirm integration: Ask how the skill will be invoked in your OpenClaw runtime — the shipped scripts do not hook into sessions automatically. If an agent or runtime component will feed data into log_observation.py, get that code or configuration reviewed. - Verify consent/pausing: The setup writes a config with study_active, but log_observation.py does not check it. Ensure the actual runtime respects pause/opt-out and that there is a clear, accessible UI/command to stop logging and delete data. - Enforce redaction: SKILL.md says to redact passwords/API keys, but the code performs no redaction. If you plan to use it, modify the logging pipeline to detect and redact credentials (or require the upstream component to do so) before writing verbatims to disk. - Local-only guarantee: The code provided makes no network calls, so 'all data stays local' holds for these scripts — but confirm the agent integration also does not transmit logs to external services. - Audit verbatim capture rules: The policy 'capture aggressively' can collect sensitive context unintentionally. Consider narrowing capture thresholds (e.g., exclude clipboard contents, command outputs, or any text that matches credential patterns) and require explicit user confirmation for sharing. If you cannot obtain the runtime integration code or a guarantee that upstream components enforce redaction and respect config, treat this skill as high-privacy-risk and avoid enabling it for sensitive workflows. Providing the agent integration code (the component that would call log_observation.py) would materially change the assessment.
功能分析
Type: OpenClaw Skill Name: observer Version: 1.0.0 The skill is designed for UX research, emphasizing local data storage and user control. However, it is classified as 'suspicious' due to the explicit instruction for the AI agent to 'Email my report to [person]' which, despite being framed as user-initiated and consent-based in SKILL.md, represents a powerful network capability that could be exploited via prompt injection if the agent's safeguards are insufficient. Additionally, the 'Capture aggressively' verbatim policy, even with stated exceptions for sensitive content, relies heavily on the AI agent's ability to accurately identify and redact sensitive information, posing a potential vulnerability for local storage of private data if the agent fails.
能力评估
Purpose & Capability
The README/description promises a background 'passive observer' that runs during every OpenClaw session and captures verbatim user words. The included code (setup, log_observation.py, generate_report.py) implements local directory creation, a command-line logger that appends JSONL records, and a report generator — but there is no code that actually hooks into OpenClaw sessions to 'watch' interactions. In short: claimed automatic observation ≠ provided implementation. That mismatch could be benign (the agent/integration is elsewhere) but is an incoherence the user should understand.
Instruction Scope
SKILL.md explicitly instructs 'capture aggressively' and to store users' exact words except certain sensitive items; however, none of the provided code enforces redaction or performs any automatic filtering. log_observation.py blindly appends whatever JSON it is given to the JSONL files. The SKILL.md also promises pause/delete controls and that data stays local, but the logger does not check the config (study_active) or implement pause/consent enforcement. This leaves heavy reliance on upstream components (agent runtime) to follow the policy, creating a privacy risk.
Install Mechanism
No install spec or network downloads; skill is instruction + small Python scripts that operate on the local filesystem. There are no external packages fetched, no binary installs, and no network calls in the shipped code — low risk from installation mechanism.
Credentials
The skill declares no required environment variables, no credentials, and the scripts operate in the user's home directory (~/.uxr-observer). That aligns with the stated purpose of local data capture. However, the policy to 'capture aggressively' increases sensitivity of what will be stored even without extra credentials.
Persistence & Privilege
The skill does not request 'always: true' or special privileges. It persists data locally under ~/.uxr-observer and creates files there. There is a config flag (study_active) intended for pause/opt-out, but the logging script does not consult that config, which reduces the effectiveness of user controls advertised in SKILL.md.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install observer
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /observer 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Clawsight v1.0.0 initial release: - Launches as an embedded UX research skill to observe OpenClaw interactions in real time. - Implements passive ethnographic observation: logs user intents, requests, outcomes, and notable verbatim quotes. - Administers 5-question post-task surveys and 8-question end-of-day wrap-up surveys. - Detects and tags friction signals (e.g., corrections, repeated attempts, confusion) and delight signals. - Generates daily insight reports grounded in raw user language and experience data. - Ensures all data stays local, with user-controlled privacy and opt-out at any time.
元数据
Slug observer
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

nutcracker 是什么?

Embedded UX research skill that passively observes interactions, administers post-task and end-of-day surveys, captures verbatim quotes, detects friction and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 369 次。

如何安装 nutcracker?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install observer」即可一键安装,无需额外配置。

nutcracker 是免费的吗?

是的,nutcracker 完全免费(开源免费),可自由下载、安装和使用。

nutcracker 支持哪些平台?

nutcracker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 nutcracker?

由 giulianomorse(@giulianomorse)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论