Skill v1.0.1
ClawScan security
OpenDream · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 8, 2026, 5:36 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files, scripts, and runtime instructions are coherent with its stated purpose (making the agent run a scheduled 'dream' process), but it modifies workspace and gateway config and will read daily memory files — review before installing.
- Guidance: This skill appears to do what it says, but review before installing:
  1) setup.py will append/merge sections into HEARTBEAT.md and SOUL.md and merge a heartbeat block into your openclaw.json — this enables periodic autonomous agent runs (every 30m overnight). Backups are created, but inspect them and the merged diffs before accepting.
  2) The running skill reads memory/YYYY-MM-DD.md every dream tick; those files can contain user or conversation-sensitive data — decide whether you want the model to ingest that content overnight.
  3) If you already have a custom heartbeat, the script may overwrite it (it warns but can replace); consider running with --dry-run or merging manually per references/INSTALL.md.
  4) Review assets/prompts.yaml and HEARTBEAT-dream-section.md to confirm the tone and what the agent will record locally in dreams/.
  5) If you prefer not to enable scheduled autonomous runs, do not merge the heartbeat block into openclaw.json; you can still use the skill manually.

  If you want more assurance, run the setup in a test workspace first and inspect the created backups and resulting openclaw.json.
Review Dimensions
- Purpose & Capability (ok): Name/description match what the skill does: it implements an agent-local nightly heartbeat that generates and stores 'dream' thoughts. Required artifacts (HEARTBEAT.md, SOUL.md, openclaw.json, workspace memory files) are appropriate for that purpose. No unrelated credentials or network endpoints are requested.
- Instruction Scope (note): Runtime instructions intentionally read and write files inside the OpenClaw workspace: they read memory/YYYY-MM-DD.md each tick for context, read prompts.yaml, append to dreams/YYYY-MM-DD/*.md, and produce a morning-recall. This is consistent with the stated intent, but the skill repeatedly ingests the agent's daytime memory files (which may contain user-sensitive content) and appends persistent files to the workspace.
- Install Mechanism (ok): There is no remote installer; the package is instruction-plus-local-scripts. setup.py and validate.py run locally and operate on workspace files. This is lower risk than downloading/executing remote code, but the setup script will modify local config files and workspace contents (with backups).
- Credentials (note): The skill requests no environment variables or external credentials, which is proportional. It does require filesystem access to the OpenClaw workspace and openclaw.json; access to memory/YYYY-MM-DD.md means the model will read potentially sensitive conversation content during dream ticks — this is expected but impacts privacy.
- Persistence & Privilege (concern): The setup merges a heartbeat block into the global gateway config (openclaw.json) and appends persona fragments into SOUL.md so the behaviour persists across agent runs. That intentionally grants the skill persistent, scheduled autonomous execution (every 30 minutes, 23:00–06:00). While coherent for the feature, users should be aware this changes system-wide behavior and may overwrite an existing heartbeat configuration.
