Dreaming
Security checks across malware telemetry and agentic risk
Overview
This skill is mostly a local idle journaling helper, but its scheduled script builds Python code from an editable state file, so review it before installing.
Review the script before adding it to your heartbeat routine. If you install it, keep data/dream-state.json trusted and numeric, review or delete generated dream files regularly, and only enable the heartbeat block if you are comfortable with quiet-hour autonomous writing.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the state file is tampered with, the recurring heartbeat could run code under the user's account.
A value read from data/dream-state.json is inserted directly into Python source passed to python3 -c. If that editable state value is non-numeric or poisoned, the heartbeat-run script could execute unintended Python instead of only rolling a probability.
DREAM_CHANCE=$(echo "$STATE" | jq -r '.dreamChance // 1.0')
ROLL=$(python3 -c "import random; print(1 if random.random() < $DREAM_CHANCE else 0)" 2>/dev/null || echo "1")
Keep data/dream-state.json trusted and ensure dreamChance is numeric. The publisher should validate dreamChance as a number or pass it as an argument and parse it as a float rather than embedding it in Python code.
The agent may create dream entries during idle periods without a new user request each time.
The skill is designed to run from a recurring heartbeat and trigger agent-written output during quiet hours. This is disclosed and bounded by quiet hours/nightly limits, but it is autonomous recurring behavior.
Add this section to your heartbeat routine (during quiet hours): ... DREAM_TOPIC=$(./skills/dreaming/scripts/should-dream.sh 2>/dev/null) ... If DREAM_TOPIC is set: ... Write a thoughtful exploration to `memory/dreams/YYYY-MM-DD.md`
Only add the heartbeat block if you want this recurring behavior. Adjust quiet hours, maxDreamsPerNight, and dreamChance, and remove the heartbeat block to disable it.
Saved dreams may contain speculative or unverified ideas that could be mistaken for reliable memory later.
The skill intentionally stores persistent agent-generated reflections. This is purpose-aligned, but persistent notes can later influence users or agents if treated as memory or context.
`memory/dreams/YYYY-MM-DD.md` — Dream output files (written by the agent, not the script)
Review dream files before relying on them, keep them separate from authoritative memory, and delete or archive entries you do not want reused.
