ClawHub

Proactive Claw

v1.2.41

🦞 The most powerful proactive engine for OpenClaw. Your personal assistant that learns from you and helps you be more productive.

3· 1.2k·11 current·12 all-time
byDawid Piaskowski@googlarz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (proactive calendar assistant) match the code and runtime requirements: python3, a local config.json, and credentials.json for Google OAuth. The codebase implements calendar scanning, planning, and local notification/execution logic consistent with the stated purpose.
Instruction Scope
SKILL.md instructs running scripts/setup.sh, quickstart.sh and local python scripts (daemon, planner, executor). The runtime flow legitimately reads/writes files under ~/.openclaw/workspace/skills/proactive-claw, runs a local daemon, and performs OAuth calls to Google and optional Nextcloud CalDAV only when configured. Note: write access to a dedicated 'Actions' calendar is implemented in code (and the OAuth scope is full calendar access); the claim that writes target only the Actions calendar is a code-level enforcement, not an OAuth-scope restriction.
Install Mechanism
This is instruction-only (no automated install spec). setup.sh prints manual install commands and requires the user to run pip installs using provided requirements files. The requirements files are standard but do not include hash-locked packages (supply-chain risk if you blindly pip install). No downloads from unknown URLs or extract/install steps in the published core bundle were observed.
Credentials
No environment variables are requested. The skill requires credentials.json (Google OAuth client_id/secret) and writes token.json; this is proportionate for Google Calendar integration but is sensitive — credentials.json and token.json contain secrets and should be managed carefully. No unrelated credentials or system-wide secrets are requested.
Persistence & Privilege
The skill does not request always:true and defaults to interactive/confirm autonomy. Persistent state is confined to the skill workspace (~/.openclaw/workspace/skills/proactive-claw) and local SQLite files; no system services, sudo, or cross-skill configuration writes were observed.
Assessment
This skill appears to do what it says: a local-first proactive calendar assistant that reads your calendars and writes to a dedicated Actions calendar. Before installing, review these items: 1) credentials.json is required and contains your OAuth client secret — only provide a client you control and understand; token.json will store OAuth tokens locally, revoke them via your Google account if you stop using the skill. 2) The OAuth scope is full calendar access; the code claims to only write to an Actions calendar, but that restriction is enforced in code (so only use trusted copies of the skill). 3) setup.sh requires you to install Python packages manually from requirements-*.txt; consider installing into a virtualenv and prefer hash-locked dependencies. 4) Try the dry-run commands first (scripts/setup.sh --doctor, python3 scripts/action_planner.py --plan --dry-run, python3 scripts/action_executor.py --execute --dry-run, python3 scripts/quickstart.sh) to inspect planned actions before enabling the daemon. 5) If you care about maximum isolation, run the skill in a separate user account or VM, and audit config.json defaults (max_autonomy_level defaults to confirm). If you want additional assurance, request the full contents of the omitted files for manual review or run the audit commands listed in SECURITY.md.

Like a lobster shell, security has layers — review code before you run it.

ai-agentvk971tz0hhzhwckhgxejhs9zj5s82cc87automationvk971tz0hhzhwckhgxejhs9zj5s82cc87calendarvk971tz0hhzhwckhgxejhs9zj5s82cc87daemonvk971tz0hhzhwckhgxejhs9zj5s82cc87google-calendarvk971tz0hhzhwckhgxejhs9zj5s82cc87latestvk971tz0hhzhwckhgxejhs9zj5s82cc87local-firstvk971tz0hhzhwckhgxejhs9zj5s82cc87nextcloudvk971tz0hhzhwckhgxejhs9zj5s82cc87open-sourcevk971tz0hhzhwckhgxejhs9zj5s82cc87privacyvk971tz0hhzhwckhgxejhs9zj5s82cc87proactivevk971tz0hhzhwckhgxejhs9zj5s82cc87productivityvk971tz0hhzhwckhgxejhs9zj5s82cc87remindersvk971tz0hhzhwckhgxejhs9zj5s82cc87schedulingvk971tz0hhzhwckhgxejhs9zj5s82cc87sqlitevk971tz0hhzhwckhgxejhs9zj5s82cc87

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
Configcredentials.json, config.json

Comments