ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proactive Claw Integrations

v0.1.0

Optional network and automation helpers for Proactive Claw core: GitHub/Notion cross-skill context, team calendar awareness, daemon installer, and optional c...

0· 329·1 current·1 all-time
byDawid Piaskowski@googlarz

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for googlarz/proactive-claw-integrations.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Proactive Claw Integrations" (googlarz/proactive-claw-integrations) from ClawHub.
Skill page: https://clawhub.ai/googlarz/proactive-claw-integrations
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install googlarz/proactive-claw-integrations

ClawHub CLI

Package manager switcher

npx clawhub@latest install proactive-claw-integrations
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's files and SKILL.md align with the described purpose (cross-skill GitHub/Notion enrichment, team calendar syncing, and a daemon installer). However some capabilities used by the scripts are not fully declared in the registry metadata: the cross-skill script uses the gh CLI and an optional NOTION_API_KEY env var, and the optional OAuth helper contacts clawhub.ai to fetch credentials.json. The skill does declare a dependency on the proactive-claw core skill, which plausibly supplies missing pieces (e.g., daemon.py), but the registry metadata did not list the optional network/credential requirements explicitly.
!
Instruction Scope
Runtime instructions and scripts perform local reads/writes under ~/.openclaw/workspace/skills/proactive-claw (DB, pending_nudges.json, credentials.json) and make optional outbound network calls: gh CLI subprocess calls, Notion API POSTs when NOTION_API_KEY is set, and an explicit opt‑in fetch from https://clawhub.ai. The cross_skill.py presence check probes other SKILL.md files (presence-only). Installing the daemon will write launchd / systemd user units and schedule periodic runs. These actions are within the described purpose but expand the trust surface (scheduled execution + external network calls).
Install Mechanism
There is no automatic install spec; this is an instruction/code bundle. The only network download path is the optional setup_clawhub_oauth.sh helper which explicitly contacts clawhub.ai and enforces a SHA-256 pin and an opt-in flag; that mitigates some risk. The daemon installer writes user-level service/timer units (launchd/systemd user) but does not pull arbitrary code from unknown URLs.
!
Credentials
The registry lists only python3 (and proactive-claw core) as required. In practice: cross_skill.py will call the gh CLI (requires gh installed+authenticated) and will read NOTION_API_KEY from the environment if present; team_awareness relies on calendar backend credentials (credentials.json / token) and the optional script will use clawhub_token from the skill's config.json. NOTION_API_KEY and the gh CLI are not declared as required env/binaries in the metadata, which is an omission that affects the principle of least privilege and transparency.
Persistence & Privilege
always:false and model invocation allowed are fine. The provided installer can create and enable a recurring user-level background job (launchd or systemd user timer) that will run every ~15 minutes; that is powerful and persistent but is an expected capability for a 'daemon installer' feature. The installer references scripts/daemon.py which is not present in this bundle — likely provided by the proactive-claw core skill, but you should confirm before enabling the daemon.
What to consider before installing
What to check before installing: - Confirm you have the proactive-claw core skill installed and that it provides the referenced daemon.py; the installer writes launchd/systemd user jobs that will run periodically. - Understand opt-in network behavior: Notion enrichment will use NOTION_API_KEY (read-only search) if you set that env var; GitHub enrichment uses your gh CLI auth via subprocess calls. These integrations are optional but will make outbound requests when enabled. - The optional setup_clawhub_oauth.sh will fetch credentials.json from https://clawhub.ai if you opt in. This helper enforces a SHA-256 pin and a config flag before saving credentials, which is good, but only enable it if you trust clawhub.ai. Verify the expected SHA-256 pin before allowing remote fetch. - Review file writes under ~/.openclaw/workspace/skills/proactive-claw (DB, pending_nudges.json, credentials.json). Ensure you are comfortable with a user-level daemon having access to those files. - If you do not need a particular integration (Notion, GitHub, team calendar, remote OAuth provisioning), do not enable it. The code claims opt-in behavior; follow that advice and only enable needed features. - If anything is unclear (where daemon.py comes from, whether gh is required), ask the skill author or inspect the proactive-claw core skill before proceeding.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
calendarvk973wma7dk7ssr9vyfemmzph0h82d51fdaemonvk973wma7dk7ssr9vyfemmzph0h82d51fgithubvk973wma7dk7ssr9vyfemmzph0h82d51fintegrationsvk973wma7dk7ssr9vyfemmzph0h82d51flatestvk973wma7dk7ssr9vyfemmzph0h82d51fnotionvk973wma7dk7ssr9vyfemmzph0h82d51foptionalvk973wma7dk7ssr9vyfemmzph0h82d51fprivacyvk973wma7dk7ssr9vyfemmzph0h82d51fteam-awarenessvk973wma7dk7ssr9vyfemmzph0h82d51f
329downloads
0stars
1versions
Updated 12h ago
v0.1.0
MIT-0
Dawid Piaskowski@googlarz
calendardaemongithubintegrationslatestnotionoptionalprivacyteam-awareness
Download

Proactive Claw Integrations

This add-on contains integrations intentionally split from core for privacy-focused deployments.

Included scripts

  • scripts/cross_skill.py (GitHub + Notion context enrichment)
  • scripts/team_awareness.py (shared team calendar coordination)
  • scripts/install_daemon.sh (background scheduler installer)
  • scripts/optional/setup_clawhub_oauth.sh (optional credentials bootstrap)

Important

  • Requires proactive-claw core skill already installed.
  • These scripts operate on core data under: ~/.openclaw/workspace/skills/proactive-claw/
  • Enable each integration explicitly; do not enable what you do not need.

Comments

Loading comments...