Personal Data Hub
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated purpose, but it should be reviewed because it can create and log a personal-data API key, start a background hub, and sometimes instruct the agent to bypass the safer gateway/tool path.
Install only if you trust PersonalDataHub and want the agent to access filtered personal data. Before enabling it, manually review or disable auto key creation, ensure generated keys are scoped and revocable, check logs for exposed keys, understand the background server lifecycle, and tighten hub policies for Gmail/GitHub access.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may gain PersonalDataHub access without a manually supplied key, and anyone with access to logs could potentially reuse the generated key.
When config is missing, the plugin can create a new PersonalDataHub API key and log the full secret. That key can grant access to the personal-data gateway.
const keyResult = await createApiKey(hubUrl, 'OpenClaw Agent'); apiKey = keyResult.key; api.logger.info(`PersonalDataHub: Auto-created API key. Save this for your config: ${apiKey}`)Require explicit user approval before creating keys, scope or expire generated keys, provide revocation guidance, and never log the full API key.
The agent could access GitHub using broader existing credentials rather than only data filtered through PersonalDataHub.
This redirects GitHub access away from the PersonalDataHub pull tool and toward the agent's own GitHub credentials, which may bypass the gateway filtering and audit model described elsewhere.
GitHub access is managed via your own credentials ... You do NOT use the pull tool for GitHub; instead, use your own GitHub tools directly
Route GitHub access through PersonalDataHub or clearly disclose and constrain any direct GitHub credential use.
If the normal tools fail, the agent may still read local credentials and make direct API calls that pull personal data or stage outbound actions.
The skill gives the agent a raw curl/API fallback using a local credential file, which can bypass the registered tool interface and its narrower parameter handling.
If the tools above are not available, you can call the PersonalDataHub API directly via HTTP. Credentials: Read `~/.pdh/credentials.json`
Prefer the registered tools, require user confirmation for direct API fallback, and avoid instructing agents to read credential files unless explicitly approved.
A local service with access to personal data may continue running after the immediate task or agent session.
The setup creates a long-running local service connected to personal accounts, but the artifacts do not show stop, revocation, or lifecycle controls.
Starts the server in the background ... After installation, open `http://localhost:3000` to connect Gmail/GitHub via OAuth.
Document how to stop the service, revoke OAuth grants and API keys, and confirm when the server is running.
Installation may execute local or downloaded build/setup code before the skill is used.
The documented install path runs package installation/build commands and invokes npx tooling. This is related to setup, but users should verify the package source and working directory.
install: cd ../../ && pnpm install && pnpm build && npx pdh init "OpenClaw Agent" && npx pdh start
Verify the repository and npm package provenance, review the install commands, and prefer pinned dependencies or a lockfile.
Filtered personal data, including email content, can become visible to the agent during a task.
Pulled PersonalDataHub results are returned directly into the agent context as JSON. This is expected, but may include sensitive or untrusted email/content fields.
text: JSON.stringify(result, null, 2)
Use restrictive PersonalDataHub policies, set practical result limits, and treat email or issue content as untrusted input.