Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Taste
v3.0.1Generates personalized recommendations from real consumption data by scanning email/calendar, enriching venues, and explaining suggestions with prior behavior.
⭐ 0· 41·0 current·0 all-time
byIndigo Karasu@indigokarasu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill legitimately needs access to the user's email, Google Calendar, and Google Maps/web search to deliver its stated functionality. However the registry metadata lists no required credentials or config paths. skill.json does declare read/write to ~/openclaw/data/ocas-taste and journals (which matches persisting extracted signals), but it does not declare how email/calendar or Google Maps access will be supplied (OAuth tokens, API key, or platform connectors). This mismatch between required sensitive resources and declared requirements is concerning.
Instruction Scope
SKILL.md and the references explicitly instruct the agent to read full email bodies and Google Calendar events, extract structured personal consumption data, enrich items via Google Maps and web search, persist JSONL records, and write journals. Those actions are within the described purpose, but the instructions also include 'Always use the user's email account, never the agent's account' and LLM-based extraction of email content — both require explicit, sensitive access. The skill also claims to register a cron job and perform automatic self-updates (README / setup), which expands scope to persistent system-level behavior not reflected in the registry metadata. No explicit limits or opt-outs are documented for scanning (e.g., allowlist editing, disabling auto-scan).
Install Mechanism
There is no install spec in the registry (instruction-only), which is lower risk; however SKILL.md and README include an 'install' line and describe registering a daily cron job and a self-update command that pulls from a GitHub repo. Those behaviors imply writing to system cron and fetching code from the network, but there's no declared install mechanism or explanation of how/when updates run or are authorized. Automatic self-updates and cron registration are high-impact operations and should be explicit in the install spec and permissions model.
Credentials
The skill will access highly sensitive personal data (full email bodies, calendar events) and external enrichment services (Google Maps / web search). Yet requires.env and primary credential are empty in the registry. There is no documented requirement for OAuth tokens, Google API keys, or other credentials; no mention of how credentials are obtained, stored, or scoped. This is disproportionate: reading email/calendar and calling Google Maps normally requires explicit credentialing and consent, which are not surfaced here.
Persistence & Privilege
The skill writes persistent data to ~/openclaw/data/ocas-taste/ and ~/openclaw/journals/ocas-taste/ (skill.json). README and SKILL.md state that taste.init registers a midnight cron job for automatic self-updates and that `taste.update` pulls from GitHub. While always:false and no cross-skill config modifications are declared, the implied automatic updater and cron registration grant the skill ongoing presence and the ability to fetch code, which increases risk if not managed and disclosed.
What to consider before installing
Before installing or enabling this skill, get answers and make changes to reduce risk: 1) Ask the author/platform how email/calendar access is granted and scoped (what OAuth scopes, consent screens, and tokens are used?) and insist credentials are explicit and limited. 2) Confirm how Google Maps enrichment is performed (official API with an API key vs. scraping public pages) and where any API keys would be stored. 3) Ask whether the skill will automatically register a cron job or auto-update itself; if so, require explicit user approval for updates and a way to disable cron/self-updates. 4) Understand where extracted data is stored, retention policy, encryption at rest, and how to delete data. 5) If you cannot verify these behaviors, consider running in a restricted sandbox or deny email/calendar access and use manual signal ingestion instead. 6) Prefer skills that declare required credentials and install steps explicitly; lack of declared credentials for email/calendar/Google Maps is a red flag. If the platform provides built-in connectors for email/calendar/maps, confirm that the skill will use those connectors without requiring additional long-lived secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk97df4k1kh6ryjsx45e0zhwjq983sq99
License
MIT-0
Free to use, modify, and redistribute. No attribution required.