Proactive Daily Planner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local daily-planner skill with disclosed local storage and optional user-configured scheduling, and I found no hidden data access, exfiltration, or destructive behavior.

Before installing, review config.json for notification and storage preferences. Only add the suggested cron or HEARTBEAT entries if you want unattended daily runs, and periodically delete old files under ~/.openclaw/workspace/memory if you do not want planning history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The skill imports execSync from child_process even though no subprocess functionality is needed for a daily planner. Unused command-execution capability unnecessarily expands the attack surface, makes later malicious modification easier, and is especially suspicious in a personal-assistant context that handles local files and user data.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The README advertises that the skill 'initiates daily planning automatically' and is 'proactive' without clearly defining consent, trigger conditions, or execution boundaries. In an agent ecosystem, vague autonomous activation can lead to unexpected execution, user confusion, and unintended access or modification of local planning/memory files even if the stated functionality is productivity-oriented.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The README instructs users to set up cron-based automatic execution and describes persistent writes to local memory files, but it does not provide a clear warning that the skill will continuously create and update files over time. This is dangerous because users may enable unattended operation without understanding the persistence, retention, or privacy implications of storing daily plans, task history, and progress data in predictable locations.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill states it runs automatically on a schedule and stores planning data in local memory files, but it does not prominently warn users about this ongoing background behavior and persistent data retention. This can lead to unexpected collection of sensitive personal productivity information, habits, schedules, and reflections, especially for a personal assistant handling daily plans. The proactive context increases risk because data writes may happen repeatedly without fresh user confirmation.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill advertises notification delivery through configured channels such as Telegram without warning that task details, schedules, or motivational/progress content may be sent to third-party messaging services. This creates a privacy exposure because personal planning data may leave the local environment and be processed or retained externally. In a daily planner, the content can reveal routines, work patterns, and personal priorities, making the omission materially relevant.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The skill description, 'Proactive daily planning assistant,' is broad enough that an agent framework may activate it in loosely related situations beyond explicit day-planning tasks. Over-broad activation can cause unintended access to user context, unsolicited actions, or interference with other skills, especially because the config also enables automatic scheduled behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
