DoctorClaw Morning Briefing
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: doctorclaw-morning-briefing Version: 1.0.0 The 'morning-briefing' skill provides a structured workflow for an AI agent to aggregate personal data (emails, calendar, tasks, and weather) into a daily summary. While the skill requires high-privilege access to sensitive accounts and requests persistence via cron/scheduling, these actions are transparently documented and directly support the stated productivity purpose. No evidence of malicious intent, unauthorized data exfiltration, or obfuscation was found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may see private messages, meeting details, locations, and attendee information.
The skill asks the agent to read personal email and calendar accounts. This is expected for a morning briefing, but it is sensitive account access.
**Email access** — Gmail (via Gmail API/skill) or any email provider your agent can read; **Calendar access** — Google Calendar API or Apple Calendar
Use least-privilege or read-only access where possible, specify exactly which inboxes/calendars to use, and avoid giving access to unrelated accounts.
Private daily information could be exposed to the wrong chat, bot, server, or device if the delivery destination is misconfigured.
The generated briefing can be sent through third-party messaging channels, which may carry sensitive email, calendar, and task summaries.
delivered to your Telegram, Discord, or saved as a daily file
Confirm the exact Telegram/Discord recipient or channel, prefer private destinations, and avoid sending detailed previews unless needed.
Briefings and preferences may remain available after the day they were created and could be reused or viewed later.
The skill stores user preferences and may persist daily briefing files containing summaries of private information.
Tell your agent these preferences (it will store them in memory) ... saved to `memory/briefings/YYYY-MM-DD.md`
Review where memory and briefing files are stored, delete old briefings if they contain sensitive content, and choose concise summaries if retention is a concern.
Once scheduled, the briefing may continue reading accounts and sending or saving summaries every day until disabled.
The skill supports recurring background execution. This is disclosed and central to the morning-briefing use case, but it creates ongoing automated access.
Your agent should use its cron/scheduling system (LaunchAgents on Mac, cron on Linux, or the agent's built-in scheduler) to trigger this automatically.
Set up scheduling only after confirming the time, destination, and data sources, and keep clear instructions for pausing or removing the scheduled job.