ClawHub

Founder Coach AI

v1.0.0

AI founder coaching system — daily decision journal, accountability tracking, weekly strategy reviews, and AI-era specific questions on moat, commoditization...

0· 510·0 current·0 all-time
by@aiwithabidi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description (founder coaching, journaling, reviews) match the included script's behavior: creating and reading journal files, summaries, stats, and optional ‘AI coach’ responses. The script writes entries under ~/.openclaw/workspace/memory/founder-journal by default, which aligns with 'agent memory' mentioned in SKILL.md.
!
Instruction Scope
SKILL.md instructs running the included Python script but does not mention that the script will (optionally) call an external LLM endpoint. The script will collect journal text (recent entries, weekly combined content) and send it to https://openrouter.ai if an OPENROUTER_API_KEY is present — this transmits potentially sensitive personal/journal content to a third party. SKILL.md does not disclose this network behavior or the required API key.
Install Mechanism
This is an instruction-only skill with a bundled Python script; there is no external installer or remote download. No high-risk install mechanism (no arbitrary downloads or package installs) is present.
!
Credentials
The skill metadata declares no required environment variables, yet the script expects OPENROUTER_API_KEY (to contact an external LLM) and optionally respects FOUNDER_JOURNAL_DIR. Requiring an LLM API key is proportionate if documented, but here it's undeclared and therefore unexpected. If the key is set, the script will send user journal content to an external service; that is a sensitive capability and should have been declared.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes files under a per-user path (~/.openclaw/... by default). That filesystem persistence is reasonable for a journaling tool. Autonomous invocation is allowed (platform default) but not a new elevated privilege here.
What to consider before installing
Before installing, be aware of three things: (1) The bundled script will write journal files to ~/.openclaw/workspace/memory/founder-journal by default (or a directory you set via FOUNDER_JOURNAL_DIR). (2) If you set OPENROUTER_API_KEY in your environment, the tool will send recent journal text and weekly summaries to openrouter.ai for AI-generated insights — this could leak sensitive personal or business information to a third party. SKILL.md and the registry metadata do not declare that API key requirement or the network behavior. (3) If you want to use this skill safely, either do not set OPENROUTER_API_KEY (the tool will still work locally but without AI summaries), or review/modify the script to confirm what is sent, or point FOUNDER_JOURNAL_DIR to a safe location. Also verify you trust the openrouter.ai service and the skill author (homepage is a single domain and owner is unknown). If you need higher assurance, ask the publisher to update the metadata to declare OPENROUTER_API_KEY as required, disclose network behavior in SKILL.md, and explain data-retention/privacy for anything sent off-host.

Like a lobster shell, security has layers — review code before you run it.

agxntsixvk978bdyxdsf0khqqw4njfwzz35816d65latestvk978bdyxdsf0khqqw4njfwzz35816d65

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎯 Clawdis

Comments