Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily Briefing
v1.0.5
Generates a warm, compact daily briefing with weather, calendar, reminders, birthdays, and important emails for cron or chat delivery.
⭐ 3 · 3.6k · 44 current · 48 all-time
by @antgly
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's code and documentation match the stated purpose: it gathers weather, calendar events, reminders, birthdays, and (optionally) emails. It uses macOS TCC (Contacts/Calendar/Reminders via osascript), optional Google tooling (gog), wttr.in via curl, and optional IMAP tooling (himalaya) — all coherent with the description. However the registry metadata said no required config paths while the orchestrator actually reads ~/.openclaw/openclaw.json for credentials/config — a metadata mismatch that hides a file-read requirement.
Instruction Scope
Runtime instructions require running the provided orchestrator script which reads local system state (timezone, user name), Contacts (via osascript), Calendars/Reminders (via optional CLI tools and osascript), and may fetch email via configured tools. It writes JSON to /tmp and expects the agent to read that JSON and produce the briefing. Nothing in SKILL.md instructs sending data to third-party endpoints outside the configured services, but the script will contact external services when tools like gog, himalaya, or wttr.in are used — which is expected for those integrations.
Install Mechanism
There is no remote download; install.sh is local and only creates a runner wrapper and sets executable bits. No external archives or URL downloads are used by the installer, which reduces supply-chain risk.
Credentials
The skill requests access to highly sensitive local data (Contacts, Calendars, Reminders) and supports storing an iCloud app-specific password in ~/.openclaw/openclaw.json. Those privileges are proportionate to the feature set but the skill metadata did not declare the config file path or the need to store credentials, which is an important omission. The skill does not request env vars, but it does read the user's ~/.openclaw/openclaw.json (potentially containing plaintext credentials) — users should be aware and cautious.
Persistence & Privilege
always is false and the skill does not request system-wide automatic inclusion. install.sh creates only a per-skill runner in its own bin directory. The README/SKILL.md instructs you to grant Terminal.app TCC permissions — that is a user action rather than the skill altering system settings. Note that the agent can invoke the skill autonomously (platform default); combined with access to local personal data this increases blast radius if the agent is given broad invocation rights.
What to consider before installing
This skill does what it claims, but it accesses very sensitive local data (Contacts, Calendars, Reminders) and can read/store an iCloud app-specific password in ~/.openclaw/openclaw.json. Before installing:
- Inspect ~/.openclaw/openclaw.json after installation — do not put secrets there unless you accept they will be stored in plaintext on disk. Prefer leaving emails.disabled until you trust the skill.
- If you enable emails, consider using app-specific passwords and limit that feature; remove the password from the config when not needed.
- Grant TCC permissions (Contacts/Calendars/Reminders) only to a terminal you control, and review what you grant. The skill asks you to grant Terminal.app access — that gives any process running in that Terminal the same TCC scope.
- If you use Google integrations, confirm gog is authenticated only to the accounts you expect.
- Test the skill in an interactive session first (with emails disabled) and review /tmp/daily_briefing_data.json output to see exactly what data is being gathered.
The main red flags are (1) metadata omission of the config file read, and (2) plaintext credential storage risk. Those are explainable but important — proceed only if you accept the privacy trade-offs or can harden the config storage.
Like a lobster shell, security has layers — review code before you run it.
latest vk9762wh4rwwdqwfne1dm71pspx80y8j8
Runtime requirements
🌅 Clawdis
Bins: curl, bash
