Charisma Research Loop

Review

Audited by ClawScan on May 10, 2026.

Overview

This is an instruction-only content workflow, but it tells the agent to send emails and update calendars without specifying recipients, calendar scope, or confirmation.

Use this only if you are comfortable with the agent preparing recurring email and calendar briefs. Before enabling delivery, set the recipient, target calendar, event naming/update rules, and require confirmation before any message is sent or calendar item is changed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent has email or calendar tools, it could send messages or alter calendar entries in a way the user did not explicitly approve.

Why it was flagged

The skill directs the agent to send email and create or update calendar items, but does not specify recipients, target calendar, confirmation requirements, or limits on what can be updated.

Skill content

- Send concise email brief with the 5 insights.
- Create/update calendar task/event containing same 5 insights.

Recommendation

Require explicit user confirmation before sending email or changing calendar items, and configure a fixed recipient, calendar, event title, and update scope.

What this means

The skill may rely on the agent's access to personal or work email and calendar services.

Why it was flagged

Email and calendar delivery normally require delegated access to a user's account. This appears purpose-aligned, but the artifact does not define least-privilege account boundaries.

Skill content

especially for scheduled morning/night briefs with email/calendar delivery

Recommendation

Use only narrowly scoped mail/calendar permissions where possible, and ensure the skill is limited to the intended account and delivery destination.

What this means

Future insight briefs may be shaped by whatever is stored in the ledger, including stale, incorrect, or injected content.

Why it was flagged

The workflow uses a persistent ledger to influence future runs. This is purpose-aligned for avoiding repeated insights, but persistent memory can carry forward bad or unintended content.

Skill content

Read `/root/.openclaw/workspace/memory/charisma-insight-ledger.md`... Append a compact run log to the ledger

Recommendation

Treat the ledger as data rather than instructions, keep it limited to run metadata, and periodically review or clear it.