ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Daily Briefing

v1.0.0

Structured morning briefing skill — daily summaries covering calendar, tasks, weather, news, and priorities. Supports cron, heartbeat, and on-demand triggers.

0· 274·1 current·1 all-time
by@clawdssen·duplicate of @clawdssen/agent-daily-briefing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (daily briefing: calendar, tasks, weather, news, delivery) matches the instructions. The SKILL.md only asks the agent to read local configuration files (BRIEFING.md, HEARTBEAT.md, memory/*.md, optional TODO.md) and available integrations (calendar, weather, messaging channels), which are reasonable for this skill.
Instruction Scope
Instructions direct the agent to read/write workspace files (BRIEFING.md, memory/YYYY-MM-DD.md, memory/briefing-log.json) and to use configured integrations (calendar, messaging channels, optional email, GitHub issues). This is consistent with the briefing purpose but does involve access to potentially sensitive personal data (calendar entries, email summaries, task files). The skill itself does not request extra credentials, but will operate with whatever integrations the agent already has.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk writes and arbitrary code execution risk; nothing is downloaded or installed by the skill.
Credentials
The skill declares no required environment variables or credentials. It assumes preconfigured channels/integrations managed by the agent/platform rather than adding new secrets. This is proportionate to its stated functionality.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges. It suggests writing a local briefing-log.json and adding cron/heartbeat rules via the agent's normal mechanisms (which is expected for scheduling). Nothing indicates it modifies other skills or global agent policy.
Assessment
This skill is internally consistent with its purpose, but it will read and summarize sensitive data if you enable those sources. Before installing: (1) review and control BRIEFING.md to limit sections (don’t enable 'Inbox summary' or GitHub issues unless you want the agent to access emails/repos), (2) ensure your calendar, messaging channels, and any other integrations are configured with the credentials you intend and belong to trusted services, (3) be aware the agent will write logs to memory/briefing-log.json in its workspace, and (4) test delivery in a low-risk channel before enabling cron/heartbeat for automatic daily runs.

Like a lobster shell, security has layers — review code before you run it.

latestvk977pb0brz4nk92ztzar66350n82bb3p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments