Skill v0.3.2
ClawScan security
Homebase · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 10, 2026, 6:16 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, runtime instructions, and required credentials are coherent with a family household assistant that integrates Google Calendar/Gmail and the OpenClaw WhatsApp bridge; nothing in the package requests unrelated secrets or network endpoints.
- Guidance
- This package appears to be what it says: a local household coordinator that reads Google Calendar and Gmail and uses OpenClaw for WhatsApp delivery. Before installing:
  - Verify you trust the OpenClaw CLI/binary (this skill depends on it for message delivery and status checks). If you don't already have OpenClaw installed from a trusted source, do not enable WhatsApp delivery.
  - Review pyproject.toml to see which third-party Python packages will be installed by 'pip install -e .' and audit them if you need to.
  - Be aware reauth_google.py will write the refresh token into .env (and can store it in macOS Keychain). Ensure .env is chmod 600 or prefer Keychain storage on macOS. A refresh token grants ongoing API access — treat it as sensitive.
  - Inspect config.json (a copy of config.example.json) before running. It will contain family names, phone numbers, calendar IDs, and school email domains used by the skill; keep that file private and gitignored as recommended.
  - The skill polls Gmail every two hours (during configured windows) and will add calendar events based on parsed email content/PDF attachments. If you want to limit automatic calendar writes, review and adjust the school/email settings in config.json or run in a dry mode until you're comfortable.
  Minor note: the registry metadata and SKILL.md disagree on required binaries (the registry lists none while SKILL.md expects 'openclaw'); confirm that the platform will make the OpenClaw CLI available before enabling full functionality.
Review Dimensions
- Purpose & Capability
- ok · The skill is a household coordinator that integrates Google Calendar and Gmail and uses OpenClaw for WhatsApp delivery. The required env vars (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REFRESH_TOKEN) and the code (calendar, school email monitor, briefing, weather via Open-Meteo) align with the stated purpose. Minor metadata inconsistency: the registry metadata at the top lists no required binaries, while SKILL.md metadata and runtime code expect the 'openclaw' CLI; requiring the OpenClaw CLI is appropriate for WhatsApp delivery, but the registry metadata should match.
- Instruction Scope
- ok · SKILL.md and agent.md keep scope limited to calendar, briefing, meal and shopping lists, Gmail scanning for school emails, and local JSON state. Runtime code reads config.json, uses Google APIs, calls Open-Meteo, and invokes the 'openclaw' CLI for gateway status and message delivery — all consistent with the description. The reauth flow writes refresh tokens to .env and optionally to macOS Keychain (documented). The agent/README explicitly forbids arbitrary shell commands and mandates using the tools.py entrypoint, reducing scope creep. There are no instructions to read unrelated system files or to send data to unexpected domains.
- Install Mechanism
- note · There is no automatic install spec in the registry (no packaged download); the repo contains Python code and pyproject.toml, and SKILL.md instructs using 'pip install -e .'. That is a normal install path, but it means pip will install the declared dependencies; review pyproject.toml if you want to audit third-party packages. No remote download URLs or extract/install steps from untrusted hosts are present in the skill metadata or SKILL.md.
- Credentials
- ok · Only Google OAuth credentials are required and declared (client id/secret/refresh token). The skill uses macOS Keychain optionally and falls back to a local .env file (it documents chmod 600). No unrelated tokens, LLM API keys, or third-party secrets are requested. Note: the reauth script updates .env on disk and also offers to store the refresh token in Keychain; you should ensure .env has correct permissions and be comfortable with a refresh token being written to disk if you run reauth.
- Persistence & Privilege
- ok · The skill does not set always:true. It stores local JSON state under household/ and calendar_data/ and optionally suggests installing a launchd template that runs the OpenClaw gateway (the plist runs the openclaw CLI, not Homebase Python directly). The skill can be invoked autonomously by your agent (default behavior), which is expected for an orchestration skill, but it does not request elevated system-wide privileges or attempt to modify other skills' configs.
