Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily Life Autopilot
v1.0.0The most comprehensive proactive life management skill for AI agents. Covers morning intelligence briefings, email and message triage, follow-up tracking, su...
⭐ 0· 339·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (proactive inbox triage, calendar prep, file cleanup, subscription tracking, etc.) legitimately requires access to email, calendar, files, messaging, and billing data. However the registry metadata lists no required environment variables, no primary credential, and no config paths. That absence is a mismatch: either the skill expects to piggyback on the agent's platform-managed connectors (possible) or it is under-declared about the sensitive access it needs. The lack of a homepage/author contact increases uncertainty.
Instruction Scope
SKILL.md explicitly instructs the agent to read unread emails, sent-mail history (to learn tone), calendar events (including locations), messages, forwarded billing emails, and local files (desktop cleanup). Those actions are within the advertised feature set, but the instructions are broad and assume ongoing monitoring (daily checks, automatic triggers) and access to multiple data sources. The document promises no autonomous sending of messages, but it does allow automatic monitoring and draft generation — a privacy-sensitive behavior that should be controlled and visible to users.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes immediate install-time risk (no downloaded binaries or archives).
Credentials
Functionality described (email, calendar, task managers, billing/subscriptions, file system, and possibly location data) normally requires multiple credentials or platform-scoped tokens. The skill declares none. That under-declaration is disproportionate: sensitive env vars or connectors should be explicitly listed so users know what will be accessed. Environment variables named for tokens/keys are not present, and the SKILL.md does not enumerate required connectors or permissions.
Persistence & Privilege
always:false (good) and model invocation is allowed (default). The skill expects autonomous, scheduled behavior (morning briefings, automatic checks before meetings), which is reasonable for the purpose but increases privacy risk when combined with the broad access described above. There is no indication the skill modifies other skills or system-wide settings.
What to consider before installing
This skill describes actions that need wide access to your personal data but doesn't declare what credentials or connectors it will use and comes from an unknown source. Before installing or enabling it, ask the publisher for: (1) an explicit list of connectors/permissions required (Gmail/Outlook, Calendar, Drive/Files, task managers, banking/billing import), (2) where and how drafts/derived data are stored or transmitted, (3) whether any data leaves the platform or is cached long-term, and (4) an audit/logging mechanism and an easy revoke path. If you proceed, test with limited, low-privilege accounts (or disable email-sending and billing access) and require explicit, per-action consent for any action that sends data or performs operations on your behalf.Like a lobster shell, security has layers — review code before you run it.
automationvk97fsv8m0awwpem1s8wax9fcxh82fjk9beginnervk97fsv8m0awwpem1s8wax9fcxh82fjk9dailyvk97fsv8m0awwpem1s8wax9fcxh82fjk9latestvk97fsv8m0awwpem1s8wax9fcxh82fjk9lifevk97fsv8m0awwpem1s8wax9fcxh82fjk9productivityvk97fsv8m0awwpem1s8wax9fcxh82fjk9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.