ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Intent Guardian

v1.0.0

Watches your desktop activity, maintains a real-time task stack, detects when you forget what you were doing after interruptions, and gently reminds you. You...

0· 382·0 current·0 all-time
byHuiling Pan@huilingp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (desktop activity sensing, task stack, reminders) match the provided scripts and SKILL.md. All required capabilities (polling active window via osascript, optional ActivityWatch integration, optional screenshots for vision models, local JSON state under memory/skills/intent-guardian) are consistent with the described functionality. There are no unrelated credentials, services, or binaries requested.
Instruction Scope
Runtime instructions direct the agent to poll active window/app titles, append event lines to a local activity_log.jsonl, maintain task_stack.json and focus_profile.json, and send reminders. These actions are within scope. Important caveats: the optional screen-capture path produces base64 image output (scripts/sense_screen.sh) which could contain highly sensitive data; the SKILL.md also references an optional 'vision_model' which—if configured to a remote service—would cause image data to be transmitted off-host. ActivityWatch integration uses HTTP to a configurable URL (default localhost). If the user changes that URL to a remote host, activity data could be sent externally. The instructions themselves do not automatically exfiltrate data, but configuration choices can enable external transmission.
Install Mechanism
No install spec is provided (instruction + included scripts only). That is low-risk: nothing is downloaded or executed from remote URLs during installation. All code is contained in the package and uses standard system tools (osascript, screencapture, curl, base64, python3).
Credentials
The skill requests no credentials or special environment variables by default. It does use optional environment/config variables (INTENT_GUARDIAN_DATA_DIR, INTENT_GUARDIAN_POLL_INTERVAL, INTENT_GUARDIAN_AW_URL) which are reasonable for configuring storage, poll interval, and ActivityWatch endpoint. The sensitivity concern is data collected (window titles, app names, timestamps, and optionally full screenshots) — these are proportional to the stated purpose but can include private content; there is no explicit justification for sending such data off-device, so caution is warranted if you enable remote vision/model integration or point AW_URL to a non-local endpoint.
Persistence & Privilege
The skill is not set to always:true and does not request elevated system privileges. It writes data under memory/skills/intent-guardian (configurable via INTENT_GUARDIAN_DATA_DIR), and suggests optional cron/heartbeat hooks which are user-configured. It does not modify other skills' configuration or force installation into every agent run.
Assessment
This skill is internally consistent with what it says it will do, but it collects local activity data that may be sensitive. Before installing or running it: 1) Keep screen_capture_enabled false unless you understand the risk—screenshots can contain passwords, private messages, or confidential documents. 2) If you enable vision_model, confirm the model endpoint is local/trusted; avoid sending raw screenshots to unknown third-party services. 3) Leave ActivityWatch URL at the default (localhost) unless you intentionally point it to a trusted server. 4) Inspect and, if desired, change INTENT_GUARDIAN_DATA_DIR to a secure location and set filesystem permissions; consider encrypting or regularly cleaning logs. 5) Test in a non-sensitive account or VM first to observe what is captured. 6) If you don't want persistent background sensing, don't add the heartbeat/cron jobs and run sensing scripts manually when needed.

Like a lobster shell, security has layers — review code before you run it.

context-switchvk97d95881nmaefmtmw9h0sdzvs81x1v3focusvk97d95881nmaefmtmw9h0sdzvs81x1v3latestvk97d95881nmaefmtmw9h0sdzvs81x1v3memoryvk97d95881nmaefmtmw9h0sdzvs81x1v3productivityvk97d95881nmaefmtmw9h0sdzvs81x1v3task-trackingvk97d95881nmaefmtmw9h0sdzvs81x1v3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments