v0.1.4

Olympic Alert

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:28 AM.

Analysis

This appears to be a straightforward Olympic schedule alert skill with disclosed local Python execution and small local state storage, but no evidence of credential use, exfiltration, or hidden behavior.

Guidance: This skill looks safe for its stated purpose. Before enabling it, note that recurring heartbeat setup will repeatedly run the included Python checker, and the actual alert window appears to be 15 minutes despite some documentation mentioning 10 or 30 minutes.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Info | Confidence: High | Status: Note
SKILL.md
python3 "$SKILL_DIR/scripts/check_olympic.py"

The skill is designed to run a local Python script. This is clearly documented and central to its reminder functionality.

User impact: Installing and using the skill means allowing the agent or user workflow to run the included Python checker script.
Recommendation: Review the included script before enabling it, especially if adding it to a recurring heartbeat workflow.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
On each heartbeat:
1. Run `python3 <skill_dir>/scripts/check_olympic.py`
2. If output is not "알림 없음" → send a notification to the user

The skill recommends recurring autonomous execution through HEARTBEAT. This is disclosed and purpose-aligned for alerts, but users should understand it may run repeatedly once configured.

User impact: If configured, the agent may run the checker on every heartbeat and send notifications when events are near.
Recommendation: Enable the heartbeat only if you want recurring alerts, and remove or disable the heartbeat entry when the Olympics or your use case is over.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Info | Confidence: High | Status: Note
scripts/check_olympic.py
STATE_DIR = Path(os.path.expanduser("~/.config/olympic-alert"))
STATE_FILE = STATE_DIR / "state.json"

The script writes a persistent local state file to remember which event alerts have already been sent. The stored data appears limited to event identifiers.

User impact: A small local history of sent Olympic alerts will remain on the device until deleted.
Recommendation: Delete ~/.config/olympic-alert/state.json if you want to reset notifications or remove the skill's local state.