Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Anti 996 Reminder
v1.2.0温馨健康提醒技能,每日12:05(午间)和23:00(睡前)推送暖心内容,支持打卡攒积分,舒缓压力、劝导早睡。适用于微信/QQ通道。
⭐ 0· 74·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (scheduled noon/night reminders, check-in points) match the provided content files and a small send_noon.py helper, but the skill claims automatic processing of user replies (parsing replies that contain '睡', updating points.json, managing history/streak/total) while there is no handler code or channel webhook/dispatch implementation included to accept inbound messages and perform writes. That missing implementation is a material inconsistency.
Instruction Scope
SKILL.md instructs registering cron jobs that embed python3 -c commands which read JSON files under /root/.openclaw/workspace/skills/anti-996-reminder/contents/*.json and produce message text. Reading those local files is coherent with the purpose. However, the docs also describe read/write operations on points.json for check-ins but do not include code or instructions showing how inbound messages are captured and how writes are performed safely; the example cron messages also include concrete sample account/to IDs which should be replaced. The use of inline shell/python in cron messages is functional but grants the agent execution of small code snippets—this is expected for scheduling but worth noting.
Install Mechanism
No install spec; the package is instruction-only plus a tiny Python helper (send_noon.py) and static JSON content. Nothing is downloaded from external URLs and no archives are extracted. Low install risk.
Credentials
The skill declares no required environment variables or credentials. It references platform channel names and sample account/to IDs for delivery, but it does not request or include secrets. This is proportionate to the stated sending-only functionality. Be aware delivery relies on existing OpenClaw channel accounts which hold credentials elsewhere.
Persistence & Privilege
always:false and no special platform-wide privileges are requested. The skill registers scheduled jobs (expected for reminder functionality). It does not attempt to modify other skills or system-wide settings in the files provided.
What to consider before installing
This skill largely does what it says: scheduled reminders using local JSON content. However, before installing or enabling it, check the following: 1) The skill describes automated check-in processing (detect replies with '睡' and update points.json), but there is no code or webhook shown to receive inbound messages and perform those writes—confirm where reply handling will run and who/what will update points.json. 2) Replace the sample --account and --to values; do not leave the example IDs in production. 3) The cron examples embed inline python3 -c commands that will run on the agent host and read files under /root/.openclaw/... — ensure the agent runtime has appropriate file permissions and that these paths match your deployment. 4) The included send_noon.py only prints a random entry; it does not send messages or process replies—if you expect automatic check-in recording you must add a secure handler that validates incoming content and sanitizes inputs before writing to points.json. 5) Test in a sandbox channel first to verify messages, reply handling, and file writes behave as intended. If you want, provide the inbound-message handler code or explain how OpenClaw routes replies so I can reassess and raise confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk97f4jx4k253jfsjvphj7fwqth83nv7p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌿 Clawdis