Vesper

This skill appears to do what it claims — aggregate proposals and produce briefings — but review these before enabling it: - Confirm the filesystem read scope: skill.json allows reading ~/openclaw/data/*/intake/. Ask whether it can be limited to the specific skills it needs (e.g., ocas-corvus, ocas-rally) rather than the wildcard that touches every skill's intake. - Self-update inconsistency: the registry lists no required binaries but the skill declares a gh/tar/python3 update mechanism. Verify whether gh/tar/python3 are present and whether automatic self-updates are acceptable; consider disabling auto-update until you review the GitHub source. - Scheduled tasks / cron registration: the skill expects to register cron jobs. Ensure your platform/operator policy allows skills to create scheduled jobs and review what happens if the skill is removed or updated. - Data exposure: the skill writes journals and briefings to local directories (journals/ and briefings/) and creates inline links (calendar/gmail/maps). Make sure those output directories are acceptable destinations for user-facing content and do not leak private IDs to unintended consumers. - Source trust: the SKILL.md references a GitHub repo; if you plan to install, inspect that repository (or require a pinned release) to confirm there is no hidden behavior. Given the broad read permission and self-update inconsistencies, proceed only after narrowing filesystem access and confirming update/install behavior. If you want, I can list the exact paths and manifest lines that are most concerning or draft a permission-limited manifest you could request from the author.