daily review manager
AdvisoryAudited by VirusTotal on Mar 24, 2026.
Overview
Type: OpenClaw Skill Name: daily-review-manager Version: 1.0.0 The daily-review-manager skill is a legitimate tool for recording and organizing daily reflections into Markdown files. The provided Python script (scripts/review_processor.py) performs basic text cleaning, keyword-based sentiment analysis, and file appending without any suspicious execution or data exfiltration logic. The instructions in SKILL.md are consistent with the stated purpose and do not contain any prompt-injection attempts or malicious commands.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your daily reflections, moods, work notes, or personal details may be retained in the workspace file and reused for weekly or monthly summaries.
The skill persists daily reflections in a Markdown file for later review and summaries, which is aligned with its purpose but may store sensitive personal content.
复盘内容统一存储在 `dailyreview.md` 文件中。存储路径:`{workspace}/dailyreview.md`Install only if you are comfortable storing this journal data in the workspace; avoid entering secrets or highly sensitive information unless the storage location is appropriate.
If configured, the assistant may continue sending review reminders or generating summaries on a schedule.
The skill describes recurring reminders and scheduled weekly/monthly report generation. This is disclosed and expected, but it is still persistent scheduled behavior.
复盘提醒:定时提醒用户做复盘... 定时任务:每周日 21:00... 每月最后一天 21:00
Confirm any cron or scheduler setup yourself, and know how to disable the reminders or scheduled summaries if you no longer want them.
Voice transcription may require installing an additional Python package outside the listed install spec.
The skill documents an external Whisper package for voice transcription, while the registry install section has no install spec. This dependency is purpose-aligned but should be installed from a trusted source.
whisper | 语音转文字 | pip install openai-whisper
Install dependencies from trusted package sources and verify the package name/version if enabling voice transcription.
Connecting message platforms could expose review-related messages or voice files to the assistant workflow.
The skill may rely on messaging-platform or MCP adapters to retrieve voice messages. This is expected for voice input, but it involves third-party message data boundaries.
下载语音文件(飞书/微信等平台)... 微信/Telegram:使用对应平台的 MCP 工具
Authorize only the specific messaging integrations you need, and ensure they are scoped to user-provided review messages where possible.