📦 Rejection Logger — 拒执记录器

v1.1.0

自动捕获并记录智能体评估后主动放弃执行的任务、选项或提示，帮助审计决策路径、排查遗漏与优化策略。

0· 388·0 当前·0 累计

by @balkanblbn

安全开发工具智能体

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

high confidence

The skill does what it says — it appends rejection entries to a local .learnings/REJECTIONS.md file — and its requirements and files match that purpose; main risk is accidental logging of sensitive data to a repository file.

评估建议

This skill is coherent and low-risk technically, but it persists free-text rejection reasoning to .learnings/REJECTIONS.md which can contain PII or secrets and may be committed to version control. Before installing: (1) inspect scripts/log_rejection.sh and keep it unchanged; (2) add .learnings/REJECTIONS.md to .gitignore or ensure repo policies prevent accidental commits; (3) restrict file permissions (e.g., chmod 600) or encrypt logs if needed; (4) avoid logging raw secrets or sensitive user da...

详细分析 ▾

✓ 用途与能力

Name and description describe logging rejected choices. SKILL.md and the included scripts/log_rejection.sh implement exactly that behavior (create .learnings directory and append a Markdown entry). There are no unrelated env vars, binaries, or network calls.

ℹ 指令范围

Instructions are narrowly scoped to creating/appending a local REJECTIONS.md file using the provided template. They do not request reading other files, calling external endpoints, or accessing unrelated credentials. Important caveat: the instructions explicitly ask the agent to record free-text 'Target' and 'Reason' fields — these entries can contain PII, secrets, or other sensitive content and will be persisted to disk and (if version-controlled) to remote repos.

✓ 安装机制

No install spec; this is instruction-only with a small included bash script. The script is short, contains no downloads, and writes only to a local .learnings directory. Low install risk.

ℹ 凭证需求

The skill requests no environment variables or credentials and the script doesn't read env vars. However, persisting agent decisions to a file can leak secrets if those decisions include sensitive data. Consider access control, .gitignore, or encryption for the log file.

✓ 持久化与权限

always:false and the skill does not modify other skills or global agent settings. It only writes to a workspace-local .learnings/REJECTIONS.md. Autonomous invocation is allowed by default (platform normal); if the agent is allowed to call skills autonomously it could generate many log entries — consider limiting use or requiring explicit user consent for logging.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.1.02026/2/28

Added functional logging script

● 可疑

安装命令

点击复制

官方npx clawhub@latest install rejection-logger

镜像加速npx clawhub@latest install rejection-logger --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库