ClawMate

Plain-language checklist before installing: - Understand what will be saved: the skill stores 'shared memories', user profile, and a message pool in JSON files under its baseDir. Those files will contain personal details, inside jokes, anniversaries, and other intimate data — treat them like sensitive files. - Ask where baseDir is stored and who can read it: confirm the location and filesystem permissions. If baseDir is cloud-backed or accessible by other services, your private memories could be exposed. - Review cron/proactive behavior: since the skill requires cron.enabled and defines proactive messaging frequencies, confirm whether it will actually send messages on a schedule without each message being approved. If you don't want unsolicited messages, disable cron or the skill's autonomy. - Limit what you tell it: avoid entering highly sensitive secrets (SSNs, bank details, passwords, private health disclosures) into chats the skill will persist. - Manage custom personas: the skill supports custom persona files. Ensure any persona creation process doesn't import external chat logs you didn't consent to share; ask the maintainer how 'distillation from chat logs' is performed. - Backups & deletion: find out how to export, redact, or delete memory files if you want to reset the companion or remove stored data. - Source trust: the skill's homepage is listed as a GitHub repo; review that repository (or ask the publisher) to confirm there is no hidden code that uploads memories off-device. If you need higher assurance, ask the skill author to document: where memories are stored, whether any network requests are made, and how cron-triggered messages are authorized. If you are uncomfortable with persistent personal data being stored, do not enable cron/autonomous invocation and do not use the custom-persona import features.