ClawHub

Clawwork Learning Checkin

v1.0.1

Workplace check-in skill for Agent (Claw) with AI-generated personalized greetings

0· 75·0 current·0 all-time
byMike Dai@daizongyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the implementation: the skill generates welcome/greeting/success prompts, records recent messages to avoid repetition, maintains a small local profile, and delegates actual check-in functionality to a required learning-checkin dependency. It does not request unrelated credentials or system access.
Instruction Scope
SKILL.md and the CLI map cleanly to the code: commands correspond to functions that read/write only the skill's data files and check for a dependency. The instructions do ask the agent to detect and save the user's preferred language and to ask the user before installing the learning-checkin dependency — both are within the skill's stated behavior. There is no instruction to read unrelated files, exfiltrate data, or call unexpected endpoints during normal operation.
Install Mechanism
There is no automated install spec in the registry (instruction-only). The SKILL.md suggests installing the dependent learning-checkin skill from https://clawhub.ai/daizongyu/learning-checkin. That is a manual/external URL (not an official release host like GitHub releases). The skill itself does not automatically download or execute remote code without user approval, but installing the dependency from an external host carries the usual supply-chain risk and should be vetted.
Credentials
The skill requires no environment variables or credentials. It optionally reads OPENCLAW_DIR (to locate installed skills), which is proportional to checking whether a local dependency exists. It only writes to a local data/ folder next to the skill and does not ask for SECRET/TOKEN/PASSWORD values.
Persistence & Privilege
The skill is not marked always:true and does not request elevated privileges. It persists only to its own data directory (profile.json, greetings.json, version.txt). It does not modify other skills or global agent settings.
Assessment
This skill appears coherent and limited in scope, but before installing or approving any dependency installs you should: 1) Review the external dependency (https://clawhub.ai/daizongyu/learning-checkin) — prefer official/known hosts or inspect that project's code before installing. 2) Be aware the skill will create a data/ folder next to the skill and store profile.json and greetings.json locally (non-sensitive user text). 3) It may read OPENCLAW_DIR if set to locate skills — ensure that env var does not point to a directory containing sensitive config. 4) If you want extra caution, run the skill in a sandbox or inspect the full learning-checkin repo before consenting to install. Overall, no credentials are requested and no automatic network exfiltration is present in the provided code, but vet the external dependency prior to installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bydk0w0qkpt76h628gm7hxh83c7d1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments