Robin
v0.3.0
Save and review notes, quotes, articles, links, images, and video references in a personal commonplace book. Use when the user wants to file something to rem...
by Nitin Gupta (@gniting)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
The name/description (local commonplace book) match the requested capabilities: read/write a state directory, copy local images, and surface saved items. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines agent actions to creating/using a specified state directory, invoking repository Python scripts, and optionally scheduling recall. It explicitly disallows modifying the skill's source or docs. The runtime contract requires the caller to pass --state-dir or ROBIN_STATE_DIR, which is appropriate and scoped.
Install Mechanism
No install spec is provided (instruction-only). The skill relies on running repo-local Python scripts; this is expected for a local tool and avoids remote downloads or package installs.
Credentials
No sensitive environment variables or credentials are required. The only optional env var is ROBIN_STATE_DIR to locate the local state directory, which is reasonable for a filesystem-backed tool.
Persistence & Privilege
always:false (no forced always-on privilege). The skill writes only to its configured state directory (topics, media, review index). It does require the host agent be able to run scripts and schedule review if desired, but it does not request elevated system-wide changes.
Assessment
Robin appears to be a local, filesystem-backed commonplace-book tool. Before installing, decide and control where the state directory will live (use an agent workspace folder, not a sensitive system directory). Expect the agent to run the bundled Python scripts which will write files under that state directory and copy any local images you attach. There are no requested external credentials or remote downloads in the manifest, but running repository Python code executes whatever is in the repo — if you require extra caution, skim the scripts/ and src/ files (especially cli.py and scripts/*) to confirm they don't contact external endpoints or touch unrelated paths. If you allow autonomous invocation, ensure the state dir and any scheduled recall behavior are acceptable (the skill can modify its own state files such as robin-review-index.json).
Like a lobster shell, security has layers — review code before you run it.
