ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

People Relationship Map

v0.1.0

Personal CRM and relationship graph for OpenClaw. Tracks people, their connections to each other, and what you know about them. Stores everything as Obsidian...

1· 334·0 current·0 all-time
by@gobiraj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with code and instructions: the Python CLI manipulates a local people/ folder and _graph.json, renders Obsidian-friendly Markdown, supports add/link/note/query/stale/mermaid. Required binary (python3) is appropriate and sufficient.
Instruction Scope
SKILL.md instructs the agent to run the included CLI and to auto-capture mentions from conversation (potentially running touch/note/link commands). Auto-capture is within the stated CRM purpose but does grant the agent discretion to persist user-provided conversational content to disk; the SKILL.md advises asking when intent is ambiguous, but this behavior is a privacy consideration the user should be aware of.
Install Mechanism
No install spec; this is instruction+code only. The code is included in the skill bundle and uses only Python standard libraries — no remote downloads or package installs are requested.
Credentials
The skill declares no required env vars and only needs python3. The script reads OPENCLAW_WORKSPACE (falling back to ~/.openclaw/workspace) to locate its storage; this env var is not listed as required in metadata but is optional and reasonable. No credentials or external service tokens are requested.
Persistence & Privilege
always is false and the skill does not request elevated or cross-skill configuration changes. It writes files under the user's workspace (its normal scope). Autonomous invocation is allowed by platform default; combined with auto-capture note above, this is a usability/privacy tradeoff rather than a coherence/integrity problem.
Assessment
This skill stores personal contact data and notes as plaintext files under your OpenClaw workspace (default: ~/.openclaw/workspace/people). Before enabling auto-capture or a cron digest: (1) confirm you want the agent to silently write conversation-extracted notes to disk, (2) consider where that workspace is synced (Obsidian cloud, other backups) and whether you need encryption or tighter file permissions, (3) check the OPENCLAW_WORKSPACE env var if you want files placed elsewhere, and (4) review and run the included Python script locally to ensure it behaves as you expect. There are no network calls or secret/external-credential requests in the bundled code, but treat the weekly digest/cron guidance as platform integration guidance — the skill itself does not implement external messaging.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b08xvr6javaj1kgggc8y1098233c7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3

Comments