Reminder Guardian
ReviewAudited by ClawScan on May 10, 2026.
Overview
Reminder Guardian mostly matches its reminder purpose, but its script appears to run a time-helper file from outside the reviewed skill directory.
Review or fix the time-helper path before installing or running this skill. If you use it, keep reminder text non-sensitive, check the generated cron blueprint before adding it, and remove scheduled jobs or log entries when they are no longer needed.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When the user runs the reminder CLI, it could execute a Python file that was not part of this reviewed skill if such a file exists at the computed path.
The reviewed helper is included as `scripts/time_helper.py` under the skill, while the documented script path is `skills/reminder-guardian/scripts/reminder_guard.py`. With that layout, `parents[2]` points to the broader `skills` directory, so the subprocess may run `skills/scripts/time_helper.py` outside this skill or fail.
SKILL_ROOT = Path(__file__).resolve().parents[2] TIME_HELPER = SKILL_ROOT / "scripts" / "time_helper.py" ... result = subprocess.run(cmd, capture_output=True, text=True)
Fix the helper path to the skill directory, for example using `Path(__file__).resolve().parent / "time_helper.py"`, and check the subprocess return code before trusting its output.
Sensitive reminder details may remain in the local memory file, and reminder text may later be delivered back into the agent workflow.
Reminder messages and optional notes are stored in a persistent local log and later reused in cron payload text. That is purpose-aligned for a reminder tool, but it means private or instruction-like text can persist and reappear later.
LOG_PATH = REPO_ROOT / "memory" / "reminder-log.json"
...
"message": args.message,
"note": args.note,
...
"text": f"Reminder: {entry['message']}"Avoid putting secrets or highly sensitive information in reminders, periodically review or prune the log, and treat reminder text as notification content rather than agent instructions.