← 返回 Skills 市场
Rejection Logger
作者
balkanblbn
· GitHub ↗
· v1.1.0
430
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install rejection-logger
功能描述
Captures and logs choices, options, or prompts that the agent evaluated and decided NOT to execute. Use whenever you skip a task, reject an approach, or choo...
安全使用建议
This skill is coherent and low-risk technically, but it persists free-text rejection reasoning to .learnings/REJECTIONS.md which can contain PII or secrets and may be committed to version control. Before installing: (1) inspect scripts/log_rejection.sh and keep it unchanged; (2) add .learnings/REJECTIONS.md to .gitignore or ensure repo policies prevent accidental commits; (3) restrict file permissions (e.g., chmod 600) or encrypt logs if needed; (4) avoid logging raw secrets or sensitive user data — sanitize inputs; (5) consider requiring explicit user confirmation before the agent logs a rejection or disabling autonomous invocation for this skill if you want tighter control.
功能分析
Type: OpenClaw Skill
Name: rejection-logger
Version: 1.1.0
The skill's stated purpose is benign, aiming to log agent rejections for transparency. However, the `scripts/log_rejection.sh` script is vulnerable to shell injection. It directly uses unsanitized command-line arguments (`$1`, `$2`, `$3`) within an `echo` command that appends to a file. This flaw could allow an attacker to execute arbitrary commands on the system if they can control the input provided to the script by the agent, making it a significant remote code execution risk.
能力评估
Purpose & Capability
Name and description describe logging rejected choices. SKILL.md and the included scripts/log_rejection.sh implement exactly that behavior (create .learnings directory and append a Markdown entry). There are no unrelated env vars, binaries, or network calls.
Instruction Scope
Instructions are narrowly scoped to creating/appending a local REJECTIONS.md file using the provided template. They do not request reading other files, calling external endpoints, or accessing unrelated credentials. Important caveat: the instructions explicitly ask the agent to record free-text 'Target' and 'Reason' fields — these entries can contain PII, secrets, or other sensitive content and will be persisted to disk and (if version-controlled) to remote repos.
Install Mechanism
No install spec; this is instruction-only with a small included bash script. The script is short, contains no downloads, and writes only to a local .learnings directory. Low install risk.
Credentials
The skill requests no environment variables or credentials and the script doesn't read env vars. However, persisting agent decisions to a file can leak secrets if those decisions include sensitive data. Consider access control, .gitignore, or encryption for the log file.
Persistence & Privilege
always:false and the skill does not modify other skills or global agent settings. It only writes to a workspace-local .learnings/REJECTIONS.md. Autonomous invocation is allowed by default (platform normal); if the agent is allowed to call skills autonomously it could generate many log entries — consider limiting use or requiring explicit user consent for logging.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install rejection-logger - 安装完成后,直接呼叫该 Skill 的名称或使用
/rejection-logger触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Added functional logging script
v1.0.0
Initial release of autonomous rejection logging skill
元数据
常见问题
Rejection Logger 是什么?
Captures and logs choices, options, or prompts that the agent evaluated and decided NOT to execute. Use whenever you skip a task, reject an approach, or choo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 430 次。
如何安装 Rejection Logger?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install rejection-logger」即可一键安装,无需额外配置。
Rejection Logger 是免费的吗?
是的,Rejection Logger 完全免费(开源免费),可自由下载、安装和使用。
Rejection Logger 支持哪些平台?
Rejection Logger 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Rejection Logger?
由 balkanblbn(@balkanblbn)开发并维护,当前版本 v1.1.0。
推荐 Skills