Sleepwell
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: sleepwell
Version: 2.0.1
The skill bundle contains a critical command injection vulnerability in `scripts/sleep_diary.sh`. User-supplied arguments for sleep hours and quality are interpolated directly into a Python heredoc without sanitization, which allows arbitrary code execution. The stated purpose, sleep and productivity tracking, is benign, and no evidence of intentional malice, data exfiltration, or backdoors was found, but the high-risk nature of this vulnerability warrants a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted sleep-log value could run commands under the user's account if the agent or user executes this script.
The script interpolates user-controlled command arguments directly into Python source inside an unquoted here-document. Crafted values containing quotes and Python syntax could alter the generated script and execute local code when the command is run.
`hours="${1:-7}"; quality="${2:-3}"` ... `python3 << PYEOF` ... `stars = "⭐" * int("$quality")` ... `"hours":float("$hours")`
Do not run this script with untrusted inputs. The maintainer should pass arguments to Python through sys.argv or environment variables, quote the here-doc delimiter, and validate hours/quality as numeric ranges before use.
A user may trust the skill as a sleep/wellness tracker while it actually guides the agent toward storing unrelated work or productivity notes.
The advertised sleep-tracking purpose conflicts with the main documentation, which describes broad productivity and work logging. This is a material purpose mismatch.
description: "Track sleep habits and analyze rest patterns over time" ... "Productivity toolkit for managing tasks, plans, reviews, streaks, reminders, priorities, archives, tags, timelines, reports"
Install only if you want this broader productivity logger. The maintainer should align the name, description, commands, and scripts, or split the sleep diary and productivity logger into separate skills.
Sleep, personal routine, or work-planning details may remain on disk and be searchable/exportable later.
The skill intentionally keeps persistent local history and export files. This is expected for a tracker, but the data may include sensitive health, personal, or work details.
All data is stored in `~/.local/share/sleepwell/` ... `history.log` — central log of all actions with timestamps ... `export.json`, `export.csv`, `export.txt`
Avoid logging secrets or sensitive business details, and periodically review or delete the local data directory if you no longer need the history.
Users may not know which script is authoritative or what local runtime dependencies are needed.
The registry describes an instruction-only skill with no binary requirements, but executable scripts are included and one uses python3. This creates ambiguity about what will be installed or invoked.
No install spec — this is an instruction-only skill. Code file presence: scripts/script.sh; scripts/sleep_diary.sh. Required binaries: none.
The maintainer should provide an explicit install specification, declare bash/python requirements, and document which script backs the `sleepwell` command.
