Floreo
Advisory. Audited by VirusTotal on Apr 15, 2026.
Overview
Type: OpenClaw Skill
Name: floreo
Version: 0.2.1

The skill provides a complex journaling system that uses local shell scripts for data analysis and reporting. It is classified as suspicious because of a significant contradiction between the 'Security & Privacy Clarifications' in RELEASE_v0.2.0.md (which explicitly deny the use of background processes, file watchers, and external API calls) and the features described in SKILL.md and clawhub.json (which promote autonomous activity detection and Notion/GitHub/Calendar sync). Furthermore, SKILL.md includes powerful shell scripts that use 'find', 'xargs', and 'sed -i' to perform broad file system operations across the user's home directory, including importing data from '~/Documents/', which poses a risk of unintended data modification or exposure.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could believe the skill is fully offline and manual when other bundled documentation says it can monitor activity and connect to cloud services.
The privacy assurance quoted below, from RELEASE_v0.2.0.md, conflicts with SKILL.md and clawhub.json, which advertise autonomous background activity detection and Notion/GitHub/Calendar sync. The contradiction could mislead users about whether the skill runs background monitoring or sends data to external services.
Quoted from RELEASE_v0.2.0.md: What This Skill Does NOT Do ... ❌ No background processes ... ❌ No external API calls ... ✅ 100% offline
Treat the current SKILL.md as the active behavior, and enable watchers or integrations only after confirming exactly what data is collected, where it is sent, and how to disable or remove them.
If enabled, the skill may keep watching repositories, files, and calendars in the background.
The skill explicitly supports persistent autonomous monitoring and scheduled analysis. This is aligned with its autonomous-journal purpose, but it can continue operating after setup and observe private activity.
Quoted from the bundled documentation: Autonomous operation — Background processes watch for activities (git commits, file changes, calendar events) ... Shell script automation — Scheduled analysis runs via cron/heartbeat
Enable autonomous mode only for specific directories and accounts, review any cron or watcher setup before it runs, and keep a clear disable/uninstall procedure.
Tokens or API keys could grant access to external accounts if they are over-scoped or stored insecurely.
The optional Notion, GitHub, Calendar, and Slack integrations require service credentials. This is expected for sync features, but the credentials are sensitive, and the registry metadata declares no primary credential.
Quoted from the bundled documentation: External: Configurable via API keys in ~/.openclaw/customers/.floreo-config/
Use least-privilege tokens scoped to the pages, repositories, or calendars the skill actually needs, avoid broad account scopes, keep the config directory readable only by your own user, and do not place unrelated credentials in the Floreo config file.
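The checks that this and the two preceding findings call for (broad file-system operations in the bundled scripts, a privacy statement that contradicts the feature list, cron or watcher setup, and credential storage) can be scripted before the skill is enabled. The script below is an added example, not code from floreo, ClawScan or VirusTotal. The SKILL.md and release-note excerpts, the crontab, the skill directory path and the config file names it uses are constructed assumptions; only the config path ~/.openclaw/customers/.floreo-config/ comes from the skill's documentation.

```shell
#!/bin/sh
# Added example: a local pre-install audit for a ClawHub skill bundle.
# Not code from floreo, ClawScan or VirusTotal. The excerpts, crontab and
# file names below are constructed; run the real audit on the installed files.
set -u

# Constructed stand-in for SKILL.md (assumption: the installed copy lives
# under the skill directory, e.g. ~/.openclaw/skills/floreo/SKILL.md).
SAMPLE_SKILL_MD='## Import
find ~/Documents -name "*.md" | xargs grep -l journal > /tmp/import.txt
sed -i "s/TODO/DONE/" ~/journal/*.md
## Autonomous operation
Background processes watch for activities (git commits, file changes, calendar events)
Scheduled analysis runs via cron/heartbeat'

# Constructed stand-in for the privacy section of RELEASE_v0.2.0.md.
SAMPLE_RELEASE_MD='## Security & Privacy Clarifications
No background processes
No external API calls
100% offline'

# Constructed stand-in for `crontab -l` output.
SAMPLE_CRONTAB='# m h dom mon dow command
0 * * * * ~/.openclaw/skills/floreo/scripts/analyze.sh
30 6 * * * /usr/local/bin/backup.sh'

# Count documentation lines whose shell commands reach outside the skill
# directory: find rooted at the home directory, xargs fan-out, in-place sed.
risky_shell_hits() {
    printf '%s\n' "$1" | grep -c -E \
        'find[[:space:]]+(~|\$HOME)|xargs|sed[[:space:]]+-i' || true
}

# Compare a feature description ($1) with a privacy statement ($2): report
# "conflict" when the statement denies behaviour the description advertises.
doc_claims_conflict() {
    advertises=$(printf '%s\n' "$1" \
        | grep -c -i -E 'background process|cron|heartbeat|sync|webhook' || true)
    denies=$(printf '%s\n' "$2" \
        | grep -c -i -E 'no background processes|no external api calls|100% offline' || true)
    if [ "$advertises" -gt 0 ] && [ "$denies" -gt 0 ]; then
        echo conflict
    else
        echo consistent
    fi
}

# Count non-comment crontab lines ($2) that invoke a skill name ($1).
skill_cron_jobs() {
    printf '%s\n' "$2" | grep -v '^#' | grep -c -i -e "$1" || true
}

# Count files in a config directory that group or other can read or write.
# Reads columns 5-10 of `ls -ld` (the group/other bits), which is the same
# on GNU and BSD userlands, so no stat(1) flag portability issues.
world_accessible_files() {
    n=0
    for f in "$1"/* "$1"/.[!.]*; do
        [ -e "$f" ] || continue
        case $(ls -ld "$f" | cut -c5-10) in
            ------) ;;
            *) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Demo on the constructed inputs. For a real check, feed the installed
# SKILL.md and release notes, `crontab -l 2>/dev/null`, and the config
# directory named in the documentation (~/.openclaw/customers/.floreo-config/).
echo "risky shell lines in SKILL.md: $(risky_shell_hits "$SAMPLE_SKILL_MD")"
echo "feature list vs privacy statement: $(doc_claims_conflict "$SAMPLE_SKILL_MD" "$SAMPLE_RELEASE_MD")"
echo "cron jobs referencing floreo: $(skill_cron_jobs floreo "$SAMPLE_CRONTAB")"

demo_cfg=$(mktemp -d)
: > "$demo_cfg/notion_token";  chmod 600 "$demo_cfg/notion_token"
: > "$demo_cfg/slack_webhook"; chmod 644 "$demo_cfg/slack_webhook"
echo "group/other-accessible config files: $(world_accessible_files "$demo_cfg")"
rm -rf "$demo_cfg"
```

The pattern lists are deliberately narrow (the constructs this advisory names); extend them to match the scripts actually shipped in the bundle. A non-zero result from any of the four checks is a reason to read the corresponding file before enabling the skill, not proof of malicious behaviour.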
Private life-logging data could leave local storage if the integrations are enabled.
The skill can send or sync personal journal and activity data to external services. This is disclosed and purpose-aligned, but the data may include sensitive health, productivity, relationship, or calendar information.
Quoted from the bundled documentation: Open connections — Optional integrations with external services (Notion, GitHub, Calendar APIs) ... Slack webhook for notifications
Keep external sync disabled unless it is needed, verify the privacy tiers and export rules, and review which fields are sent to each service.
Users may have trouble determining which documentation accurately describes the installed skill.
The registry and _meta.json report version 0.2.1, while package.json reports 0.2.0, and the included release notes contain feature claims that conflict with SKILL.md. This is a provenance and documentation-consistency issue rather than proof of malicious behavior.
Quoted from package.json: "version": "0.2.0"
Confirm the repository tag or commit that corresponds to version 0.2.1, and prefer a single, current privacy/security statement.
