Personaldatahub
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with a personal-data gateway, but it needs review because it can auto-create and log a PersonalDataHub API key, uses ambiguous install/background setup, and gives some instructions that bypass the advertised gateway.
Install only if you trust the PersonalDataHub project and are comfortable granting an agent mediated access to Gmail/GitHub data. Prefer manual setup, review/restrict PDH policies and API-key scope, check logs for exposed keys, and avoid using separate GitHub tools unless you understand their permissions.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A running local hub could grant the agent access to personal data without a separate explicit configuration step, and the API key may be exposed in logs.
When no config is present, the plugin can create a new PersonalDataHub API key for itself and logs the full secret.
const keyResult = await createApiKey(hubUrl, 'OpenClaw Agent'); ... api.logger.info(`PersonalDataHub: Auto-created API key. Save this for your config: ${apiKey}`);Require explicit user approval before creating API keys, avoid logging full secrets, and provide clear instructions for scoping and revoking the generated key.
GitHub issue or PR data could be accessed outside the gateway's redaction, audit, or approval model if the agent has other GitHub tools available.
This tells the agent to use separate GitHub credentials/tools rather than the PersonalDataHub pull gateway, despite the skill description emphasizing gateway-filtered access.
GitHub access is managed via your own credentials ... You do NOT use the pull tool for GitHub; instead, use your own GitHub tools directly
Keep GitHub access inside PersonalDataHub or clearly disclose that separate GitHub credentials/tools may be used and how their scope is constrained.
Installation may execute code outside the reviewed skill directory or fetch/run code from npm, and may start a local service the user did not expect from an instruction-only registry entry.
The documented install hook is broader than the registry metadata suggests, changes two directories upward, runs package install/build commands, invokes an unpinned npx package, and starts a service.
install: cd ../../ && pnpm install && pnpm build && npx pdh init "OpenClaw Agent" && npx pdh start
Pin the PDH package/version, avoid changing to parent directories, make setup manual or explicitly declared in install metadata, and document exactly what will run.
A rebuild could change authentication behavior or fail in ways that differ from the reviewed dist files.
The source client shown here does not include the apiKey/Authorization behavior present in the built dist files; because the install hook runs a build, the runtime behavior is ambiguous.
export interface HubClientConfig { hubUrl: string; } ... headers: { 'Content-Type': 'application/json' }Ensure source and built artifacts match, include reproducible build steps, and avoid rebuilding during install unless the reviewed source is authoritative.
The agent may bypass the registered tool interface and make broader or less visible local API calls for sensitive data/actions.
The fallback instructs raw curl calls to pull personal data and propose actions, and the examples omit the API-key authorization used by the plugin client.
If the MCP tools above are not available, you can call the PersonalDataHub API directly via HTTP.
Prefer the registered MCP/OpenClaw tools, require authenticated examples, and keep direct API use behind explicit user approval.
A local service may keep running after setup and continue to hold access to connected Gmail/GitHub accounts.
The background PersonalDataHub server is disclosed and purpose-aligned, but it is persistent infrastructure connected to personal data sources.
Starts the server in the background
Document how to stop the service, where it stores credentials, and how to disconnect/revoke connected accounts.
Emails, issues, and proposed outbound actions may enter the agent context through the local gateway.
The skill uses an MCP/gateway flow to expose OAuth-backed personal-data tools to the agent; this is central to the purpose but sensitive.
This registers source-specific tools dynamically — only sources with connected OAuth tokens get tools.
Connect only intended accounts, review PersonalDataHub policies, and verify what data fields are exposed before using the skill.