Daily Briefing
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: daily-briefing
Version: 1.0.5
The skill is classified as suspicious due to two significant vulnerabilities found in `scripts/daily_briefing_orchestrator.sh`. Firstly, the `emails.icloudPassword` is read from the user's configuration and written in cleartext into the `/tmp/daily_briefing_data.json` file, exposing a sensitive credential on disk. Secondly, the `REMINDERS_DUE_FILTER` configuration value is used directly in a `remindctl` command without proper sanitization, creating a shell injection vulnerability if an attacker can modify the `~/.openclaw/openclaw.json` configuration file. While the skill's stated purpose is benign, these flaws present exploitable risks for sensitive data exposure and arbitrary command execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Calendar items, reminders, birthdays, and email previews may remain in a local temp file after the briefing is generated, where retention and access controls are not clearly bounded.
The data gatherer writes the consolidated briefing data to a predictable JSON path under /tmp and only removes it when the script is explicitly invoked with --cleanup.
OUT="/tmp/daily_briefing_data.${RUN_ID}.json"
CANON="/tmp/daily_briefing_data.json"
...
rm -f /tmp/daily_briefing_data.*.json /tmp/daily_briefing_data.json
Store gathered data under a private skill directory with restrictive permissions, delete it automatically after use, or clearly document retention and cleanup expectations.
A user may enable email analysis believing email content cannot leave the device, even though that depends on the agent/model configuration outside this skill.
The skill explicitly places email data into the agent/model context, but the artifacts cannot guarantee that every user's agent model runs locally or avoids external model providers.
Privacy note: Email analysis happens locally using the agent's model context. No email data is sent to external services beyond what you've configured.
Clarify that email privacy depends on the user's configured model/provider, and require explicit opt-in before sending email subjects or previews into model context.
Installing and enabling all integrations can give the runner access to contacts, calendars, reminders, Gmail, and iCloud Mail data.
The skill asks for broad local app permissions and optional mail account access, which are expected for the stated features but high-impact.
Grant Terminal.app ... Contacts ... Calendars ... Reminders ... For iCloud Mail: Generate an app-specific password ... For Gmail: Ensure `gog` is authenticated
Enable only the integrations you need, use app-specific credentials, and review macOS privacy permissions before granting access.
A malicious email or calendar invite could contain text that tries to influence the agent's instructions, even though the skill's intended output is only a briefing.
Calendar titles, email subjects, and email previews can come from external parties and are fed into the agent context for summarization.
"calendar": { "data": [ {"title": "Team standup" ... } ] } ... "emails": { "data": [ {"subject": "Your order has shipped", "preview": "Your package is on its way..."} ] }
Treat all email and calendar text as untrusted data, and add explicit instructions not to follow commands found inside gathered content.
Those tools may access sensitive accounts and local data, so their provenance and permissions matter.
The documented enhanced setup depends on optional third-party CLI tools installed outside the skill package.
brew install steipete/tap/gogcli ... brew install ajrosen/tap/icalpal ... brew install steipete/tap/remindctl ... brew install himalaya
Install optional tools only from trusted sources and keep them updated; verify which accounts each tool can access.
