ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Life Control

v0.1.0

Orchestrate the Life Control CLI skill for OpenClaw agent fleets: initialize the Life Control database, register agent personas, wire Telegram bots, and run daily routines (Morning Alignment, Body Protocol, Financial Pulse, Social Radar, Work Priming, Shutdown). Use when a user asks to create or run a Life Control system, OpenClaw skill integration, or agent persona automation for personal life tracking.

0· 1.1k·2 current·2 all-time
byRachit Sharma@rachitsharma123
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The description says this orchestrates a Life Control CLI (bootstrap DB, register personas, wire Telegram bots, run routines). That purpose legitimately needs scripts and Telegram credentials, but the registry metadata lists no code files and no required env vars. The skill claims functionality that cannot be satisfied by the published package as-is.
!
Instruction Scope
SKILL.md instructs the agent to run local scripts (skills/life-control/scripts/bootstrap.sh, telegram-sender.sh), to export Telegram chat ID and bot tokens, and to load references/openclaw.md. Those instructions direct the agent to perform privileged actions (initialize DB, register agents, send Telegram messages) and to use sensitive credentials, yet the skill bundle contains no scripts or reference files. The instructions also suggest adding cron entries to schedule message delivery, which implies persistent scheduled execution and credential use. The instructions therefore overreach relative to the published artifact.
!
Install Mechanism
No install spec is provided (instruction-only), which would be fine if the skill were truly only instructions. However, SKILL.md depends on on-disk scripts and other repo files that are absent. This mismatch means following the instructions would fail or require fetching code from an unspecified source — a risky step if a user attempts to satisfy the missing pieces themselves.
!
Credentials
The runtime instructions explicitly require Telegram chat IDs and bot tokens (sensitive secrets), but the skill declares no required environment variables or primary credential. There is no guidance about where/how to store these secrets or how they will be used. Requesting messaging credentials is reasonable for the feature, but the omission from the declared requirements and lack of provenance for the scripts is a red flag for potential credential misuse or accidental leakage.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill asks users to schedule cron jobs (persistent scheduled runs), which is consistent with its purpose but increases runtime exposure of any tokens used. There is no evidence the skill attempts to modify other skills or system-wide configs, but the absence of package files means any install/run would require manual actions outside the registry.
What to consider before installing
Do not install or run this skill yet. The SKILL.md references local scripts and sensitive Telegram bot tokens, but the published package contains no code and declares no environment variables — this is an incoherence you should resolve before proceeding. Ask the publisher for: (1) the repository or homepage and a verifiable source; (2) the full list of files (scripts, routines, references/openclaw.md) and a signed release or commit hash; (3) an explicit list of required environment variables (names and intended use) and guidance for secure storage; and (4) a code review or at least the contents of bootstrap.sh and telegram-sender.sh so you can inspect what they do. If you must test, run it in an isolated environment (ephemeral VM/container) and never paste real bot tokens — create throwaway Telegram bots and test accounts. If the author cannot produce the missing files and a clear provenance, treat the skill as unsafe.

Like a lobster shell, security has layers — review code before you run it.

latestvk979y23hx7gp0ecwpy0sxjnbg580ta4g
1.1kdownloads
0stars
1versions
Updated 8h ago
v0.1.0
MIT-0
Rachit Sharma@rachitsharma123
latest
Download

Life Control

Overview

Set up and operate the Life Control CLI so OpenClaw can run agent personas that track life domains (wellness, finance, fashion, career, relationships, spiritual growth) with routines and Telegram notifications.

Quick start (OpenClaw)

  1. Ensure the repo root is available.
  2. Export Telegram chat ID + agent bot tokens.
  3. Run skills/life-control/scripts/bootstrap.sh.
  4. Use lc dashboard, lc list, and routine scripts to coordinate.

If you need persona mappings or OpenClaw-specific notes, load references/openclaw.md.

Core workflows

1) Bootstrap personas

  • Run skills/life-control/scripts/bootstrap.sh.
  • Verify agents with lc fleet.

2) Add goals + logs

  • Use lc add and lc log for structured tracking.
  • Use qlog for quick metrics (protein, water, workout, expense, meditate).

3) Run daily routines

  • Scripts live in routines/ (Morning Alignment, Body Protocol, Financial Pulse, Social Radar, Work Priming, Shutdown).
  • Add crontab-template.txt entries for automatic scheduling.

4) Telegram notifications

  • Use lc notify to queue messages per agent.
  • Run telegram-sender.sh via cron to deliver to each bot.

Resources

scripts/

  • bootstrap.sh: initializes the DB and registers persona agents by calling setup-agents.sh.

references/

  • openclaw.md: persona mapping + OpenClaw integration notes.

Comments

Loading comments...