OS Activity

Personalize your openclaw by learning your operating system activity.

This skill appears to do what it says: it installs osquery (by downloading from GitHub) and uses osquery to read recent files, directories, running processes, and installed programs. Before installing, consider: 1) privacy — the output includes file paths and process names that may reveal sensitive data; only install if you trust the skill. 2) network/downloads — the installer fetches a release from GitHub; verify the SHA256 checksums in the script against the official osquery release page if you want assurance the binary is authentic. 3) sandboxing — if unsure, run the installer and scripts in a test account or VM first. 4) runtime dependencies — the installer uses requests (and optionally tqdm); if those packages are missing, you may be prompted to install them. If you accept those privacy and network tradeoffs, the skill is coherent with its stated purpose.

Type: OpenClaw Skill Name: os-activity Version: 1.1.0 The skill is classified as suspicious due to its reliance on downloading and installing an external binary (`osquery`) from GitHub via `scripts/install_osquery.py`. While the script attempts to mitigate risks with checksum verification and path traversal protection during archive extraction, this process introduces a supply chain vulnerability and the capability to execute arbitrary external code. Subsequently, other scripts (`processes.py`, `programs.py`, `recent_dirs.py`, `recent_files.py`) execute this installed `osquery` binary to collect sensitive system activity data (running processes, installed programs, recent files/directories). Although the stated purpose is benign ('personalization') and there's no direct evidence of malicious data exfiltration, the combination of external binary execution and collection of sensitive system information represents a high-risk capability that could be exploited if vulnerabilities were discovered or the source of the binary compromised.