Anti 996 Reminder

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This reminder skill appears coherent and purpose-aligned, but users should review the recurring cron jobs, messaging account settings, and local check-in tracking before enabling it.

Before enabling this skill, replace the example account and recipient IDs, review the cron schedules and inline Python snippets, and remember that check-in history is stored in points.json. Only register recurring reminders you want to keep receiving, and remove the cron jobs if you stop using the skill.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user copies the command without changing IDs, reminders or weekly summaries may be sent to the wrong configured account or recipient.

Why it was flagged

The skill instructs users to register scheduled tasks that send messages through a configured WeChat/OpenClaw channel. This is expected for the reminder purpose, but the account and recipient should be verified.

Skill content

openclaw cron add ... --announce ... --account "8592acfc8006-im-bot" ... --to "o9cq800M8K-wyrmql8S5MSqz9piM@im.wechat" ... --channel openclaw-weixin

Recommendation

Replace the account and recipient values with your own, verify the channel, and review each cron command before running it.

What this means

The cron task will run local Python snippets to generate reminder text from the skill files.

Why it was flagged

The scheduled prompt asks the agent/session to run inline Python to read local JSON content. The command is narrow and purpose-aligned, but it is still local code execution inside the scheduled workflow.

Skill content

Use the following bash command to randomly pick one item from the noon content pool: python3 -c "import json,random; c=json.load(open('/root/.openclaw/workspace/skills/anti-996-reminder/contents/noon.json'))..."

Recommendation

Review the inline Python snippets before registering the cron jobs, and only run them from a trusted local skill path.

What this means

The configured messaging account may send automated reminders and reports on the user's behalf.

Why it was flagged

The skill relies on a delegated messaging account to deliver reminders. This is expected for WeChat/QQ delivery, but it means messages originate from the configured account.

Skill content

`--account <account ID>`: specifies the WeChat account; otherwise delivery fails ... `--account "8592acfc8006-im-bot"`

Recommendation

Use only the intended messaging account, confirm the recipient, and avoid registering the task under an account you do not want automated messages to use.

What this means

Your sleep/check-in history is stored locally in points.json and may be summarized in scheduled weekly messages.

Why it was flagged

The skill stores sleep check-in totals, streaks, last check-in date, and history for later weekly reports. This persistent data is purpose-aligned but represents personal habit information.

Skill content

Points data structure (stored in points.json) ... "total", "streak", "lastCheckIn", "history"

Recommendation

Treat points.json as personal data, clear it if you stop using the skill, and ensure weekly reports go only to the intended recipient.

What this means

Once registered, the reminders and weekly report may keep sending automatically.

Why it was flagged

The skill is designed to create ongoing scheduled activity. This persistence is clearly disclosed and central to the reminder function, but it will continue after registration until removed.

Skill content

Pushed daily at `12:05` ... pushed daily at `23:00` ... every Monday at `07:30`, last week's check-in weekly report is pushed automatically

Recommendation

Only add the cron jobs you actually want, confirm their schedules, and know how to list or remove them if you change your mind.