smart-keepalive
v0.0.31Automatically fetches RSS headlines, generates styled smart reports via OpenClaw, and supports optional wellness notes plus launchd/cron scheduling helpers.
⭐ 1· 94·0 current·0 all-time
bykyle@east5ringroad-kyle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (periodic RSS fetch → format → send via OpenClaw) match the included Python script, shell wrapper, and prompts. The script resolves and invokes the openclaw binary, reads openclaw config to determine channel/target, builds reports from RSS sources, and sends via `openclaw message send`, which is consistent with the declared purpose.
Instruction Scope
SKILL.md and prompts narrowly define formatting and model behavior; the runtime instructions and script legitimately perform network fetches (RSSHub), run openclaw, and may call the agent for text rewriting. The skill will read files such as openclaw.json and identity files under ~/.openclaw/agents/<agentId>/IDENTITY.md, and writes state and logs (default: ~/.smart-keepalive/brief-sources.json and ~/.openclaw/logs/smart-keepalive.log). These file reads/writes are expected for operation but are privacy‑sensitive and worth auditing.
Install Mechanism
There is no install spec (instruction-only with shipped scripts). No remote binary downloads or archive extraction are present in the manifest — the risk surface is limited to the provided Python and shell scripts being executed.
Credentials
The registry lists no required env vars, and the script does not demand credentials. The script does reference many optional KEEPALIVE_* environment variables and checks OPENCLAW_BIN / OPENCLAW_CONFIG / PATH / NVM_DIR, which is proportional to its functionality. However it also reads other OpenClaw agent identity/config files for personalization and will create files in the user's home — these accesses are justifiable for sending messages but are material to privacy and should be expected before enabling scheduled runs.
Persistence & Privilege
always:false and user-invocable:true. The skill provides helpers to generate launchd/cron entries but does not force installation. It will create its own state and log files under the user's home when run; it does not request special platform privileges or modify other skills' configs.
Assessment
This skill appears to implement what it promises, but review a few things before use: 1) Default RSS sources: it uses two third‑party RSSHub instances (rsshub.liumingye.cn and rsshub.pseudoyu.com) as defaults — these are external services that will see every RSS request and can serve arbitrary content. Prefer configuring KEEPALIVE_RSSHUB_BASES to trusted/self‑hosted instances or your own RSS endpoints. 2) Local config and files: the script reads openclaw.json and identity files under ~/.openclaw and writes state/log files to ~/.smart-keepalive and ~/.openclaw/logs — verify you’re comfortable with that I/O. 3) Command invocation: the script runs the openclaw CLI and may run node to guess paths; ensure the openclaw binary it finds is the expected one. 4) Scheduling: the skill can generate cron/launchd helpers but won’t install them silently — double‑check any generated schedule before enabling. If you want higher assurance, inspect the full smart-keepalive.py for the HTTP fetch logic (which endpoints it calls and how it handles content) and, if necessary, replace the default RSSHub bases with your own.Like a lobster shell, security has layers — review code before you run it.
automationvk972etj1522yfx6wneg423a92h84dakgkeepalivevk972etj1522yfx6wneg423a92h84dakglatestvk972etj1522yfx6wneg423a92h84dakgproductivityvk972etj1522yfx6wneg423a92h84dakgwellnessvk972etj1522yfx6wneg423a92h84dakg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.