📦 Event-Watcher — 事件监听
v1.0.1订阅 Redis Streams 与 webhook JSONL 事件源,仅在匹配事件到达时唤醒智能体;内置过滤、去重、重试与会话路由,支持 sessions_send/agent_gate。
1· 1.6k·2 当前·2 累计
by 下载技能包
最后更新
2026/2/28
安全扫描
OpenClaw
可疑
medium confidenceThe skill's code and runtime instructions largely match an event-watcher, but there are important mismatches and scope-creep (undeclared environment/credential needs and reading other agents' session stores) that you should understand before installing.
评估建议
This skill appears to implement the advertised watcher functionality, but there are several important caveats you should consider before running it:
- Undeclared env vars: The skill's metadata does not list environment variables it actually uses (e.g., REDIS_URL/REDIS_PASSWORD, OPENCLAW_SESSION_KEY, OPENCLAW_SESSION_STORE, and various EVENT_WATCHER_* paths). Treat this as a red flag — confirm what credentials you must provide and where.
- Session store access: By default the watcher searches a...详细分析 ▾
⚠ 用途与能力
Name/description align with the code (Redis streams + webhook JSONL -> wake agent). However, the skill reads local OpenClaw session stores (~/.openclaw and ~/.openclaw/agents/*/sessions/sessions.json) and invokes the openclaw CLI; accessing other agent session files is broader than a simple watcher and should be explicitly declared/justified.
⚠ 指令范围
SKILL.md and scripts instruct the watcher to read arbitrary local session store files, normalize events, run agents via subprocess, and append logs/dead letters to paths under the host filesystem. Reading other agents' session stores and resolving the 'latest session' (without explicit session_id) is scope creep from a pure event listener and can expose chat/session context to the watcher.
ℹ 安装机制
No install spec is provided (lowest install risk). The metadata does declare Python dependencies (redis, pyyaml) which will be needed to run the provided scripts; the skill includes several Python files that will run as-is. No remote downloads or unusual install steps were found.
⚠ 凭证需求
Registry metadata lists no required env vars, but the code uses multiple env vars (EVENT_WATCHER_CONFIG, EVENT_WATCHER_STATE, EVENT_WATCHER_LOG, DEAD_LETTER, OPENCLAW_SESSION_KEY, OPENCLAW_SESSION_STORE, and the references/CONFIG.md documents REDIS_URL/REDIS_PASSWORD). Redis credentials and session-related env vars are effectively required for common operation but are not declared — this mismatch is a red flag for missing/undeclared sensitive requirements.
⚠ 持久化与权限
The skill does not set always:true, and it has no installer creating persistent system services, but it is explicitly intended to be run as a long‑running background process (nohup/tmux). It reads/writes files outside its own folder (logs, dead-letter, and local OpenClaw session stores), which grants it ongoing access to local session/context data if you run it — consider this elevated persistence in practice.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/2/7
- Added a prompt safety notice: event payloads are untrusted, and a safety header is included by default to prevent instruction following. - Provided instructions for disabling the safety header via `wake.add_source_preamble: false` if the source is trusted. - No code or file changes; documentation only.
● 无害
安装命令
点击复制官方npx clawhub@latest install event-watcher
镜像加速npx clawhub@latest install event-watcher --registry https://cn.longxiaskill.com