Solopreneur Assistant
Security checks across malware telemetry and agentic risk
Overview
This instruction-only business assistant appears coherent and purpose-aligned, but users should notice that it can involve persistent agent routines and sensitive business, inbox, calendar, and memory data.
This skill is instruction-only and appears aligned with its business-operations purpose. Before installing, decide whether you want persistent chief-of-staff behavior in your agent startup files, enable only the recurring reviews you need, and be careful about granting email, calendar, or business-record access.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent may see private emails, calendar events, contacts, and business commitments.
Email and calendar access are sensitive account permissions. They are disclosed and fit the inbox triage and daily briefing purpose, but users should understand what access they are granting.
- (Optional) Calendar and email access for full automation
Use the narrowest available email/calendar permissions, prefer read-only access where possible, and require explicit confirmation before sending, deleting, archiving, or modifying anything.
Private revenue, expense, client, decision, and daily activity information may influence future agent briefings and recommendations.
The workflow intentionally reuses persistent business files and agent memory logs to generate reviews and recommendations. This is purpose-aligned, but those files may contain sensitive or stale information.
Read `business/DASHBOARD.md` for revenue/expense data 2. Read this week's `memory/YYYY-MM-DD.md` files for context
Keep the business and memory files scoped to non-secret operational information, review them periodically for accuracy, and avoid storing passwords, tokens, or highly sensitive customer data there.
The agent could generate recurring briefings or reviews using stored business context when the schedule triggers.
The skill recommends persistent scheduled routines for weekly reviews. This is disclosed and central to the assistant workflow, but it means the agent may act on a recurring schedule rather than only in direct response to a single prompt.
Add to your `HEARTBEAT.md` or create a cron job for Friday afternoons
Enable only the schedules you actually want, make the trigger conditions explicit, and keep an easy way to disable the heartbeat or cron entry.