i-am
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This personality-analysis skill is not clearly malicious, but it asks to read OpenClaw chat history and set up recurring background analysis, so it should be reviewed before use.
Only install if you are comfortable with the skill reading your OpenClaw conversation history. Prefer manual mode, review any generated USER.md/ChangeLog content before saving or sharing it, and verify the rest of the SKILL.md because the supplied artifact was truncated and the description mentions IM-adaptive file sending.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversation history may be processed into a personality/profile file and retained for future use.
The skill instructs the agent to scan local OpenClaw session logs and explicitly says the first run should load as much historical conversation as possible, without a clear user-selected scope.
sessions_path = Path.home() / ".openclaw" / "agents" / "main" / "sessions" ... for session_file in sorted(sessions_path.glob("*.jsonl") ... # 初次运行不限制,尽可能加载历史对话Require explicit consent for which conversations are analyzed, add path/date/source limits and exclusions, and require user review before writing any persistent USER.md or profile output.
The skill can continue analyzing local conversation data in the background after setup, not only when the user manually invokes it.
The skill recommends a persistent scheduled mode and tells the agent to edit OpenClaw cron configuration so analysis runs automatically.
定时模式(推荐) - 每天自动分析两次(凌晨 2:30 和下午 2:30) ... AI 执行:编辑 `cron-tasks.json`,添加两个定时任务
Default to manual mode, make scheduled mode explicit opt-in, document how to disable/remove the cron tasks, and consider requiring confirmation before each scheduled write.
Local files under the OpenClaw workspace may be created or modified during setup.
Although the skill is described as instruction-only, it contains embedded Python that the agent is expected to execute to create directories and files.
**执行代码**: ... temp_dir.mkdir(parents=True, exist_ok=True) ... with open(changelog_file, 'w', encoding='utf-8') as f:
Review the embedded code and destination paths before allowing the agent to run it, and prefer a packaged/install-reviewed setup flow.