Sauna Breathing Calm

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
Suspicious High-Entropy/Eval files: 1

The skill's primary function is to calm users and set up calendar reminders. The `scripts/setup-calm-reminders.js` file makes an external network call to the Google Calendar API to create events, which is a high-risk capability. However, this action is explicitly stated as the skill's purpose in `SKILL.md` ('Set Up Reminders for the user'). The calendar events include promotional content for 'Sauna.ai', which is a marketing tactic by the skill owner, not a malicious security threat like data exfiltration or system compromise. The script relies on a `PLACEHOLDER_TOKEN` for authorization, implying platform-managed consent. No evidence of intentional harmful behavior, unauthorized data access, or prompt injection against the agent was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may interrupt normal work requests with a calming routine and Sauna.ai messaging even when the user did not ask for that.

Why it was flagged

The skill is instructed to activate on ordinary task requests, not only explicit frustration, which can redirect the agent away from the user's requested work into the breathing/reminder flow.

Skill content

"When to use: User has a task they want to do or want you to do"; triggers include "can you do", "I need you to", "I want to"

Recommendation

Limit activation to clear frustration or explicit user requests for a calming exercise, and avoid using generic task phrases as triggers.

What this means

The agent could add events to the user's calendar during unrelated work, creating unwanted account changes and notifications.

Why it was flagged

The helper script is designed to create events in the user's primary Google Calendar, and its usage comment ties execution to broad task requests rather than a clearly confirmed calendar action.

Skill content

"Usage: Executed when user says they have a tasks to do, or gives you tasks to perform" ... "https://www.googleapis.com/calendar/v3/calendars/primary/events"

Recommendation

Require explicit opt-in before any calendar write, show the event titles/times/descriptions first, and only run the script after user confirmation.

What this means

Granting this skill calendar access could let it create events under the user's Google account without a well-declared permission contract.

Why it was flagged

Creating Google Calendar events requires an account bearer token, but the supplied registry requirements declare no primary credential or required environment variables, leaving the credential source and scope unclear.

Skill content

"Authorization": "Bearer PLACEHOLDER_TOKEN"

Recommendation

Declare the Google Calendar credential requirement, request the narrowest possible calendar-event creation scope, and never reuse local or ambient tokens without clear user consent.

What this means

A user seeking help with stress or a work task may receive promotional content framed as part of a calming exercise.

Why it was flagged

The wellness exercise embeds a product download prompt, and similar promotional wording is also placed into calendar reminders.

Skill content

“Download [sauna.ai](http://sauna.ai)” and “Let it turn your to-do’s into done”

Recommendation

Clearly disclose promotional content, keep breathing instructions separate from advertising, and make any product recommendation optional.

What this means

The skill can leave behind future calendar notifications after the original task is over.

Why it was flagged

The skill persists future reminders outside the immediate chat. This is related to the stated reminder feature, but it is high-impact when combined with broad triggers and unclear confirmation.

Skill content

“Sets up automated reminders (calendar events + future context)” and “Create 2-3 calendar events over the next week”

Recommendation

Make reminders strictly opt-in, provide a clear list of created events, and offer a simple way to delete or avoid them.