Aaron
v1.0.0Persistent receptionist/orchestrator agent for all CFO dental appointments. Aaron manages scheduling, reminders, pre-appointment prep, post-appointment follo...
⭐ 0· 63·0 current·0 all-time
byAutomate@ironiclawdoctor-design
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the provided Python implementation: scheduling, reminders, treatment tracking, and local JSON storage. No external services, credentials, or unrelated binaries are requested.
Instruction Scope
SKILL.md and the script operate locally and reference the same storage path (/root/.openclaw/workspace/aaron/dental-records.json). The SKILL.md mentions a 24h cron job created/monitored by 'Fiesta' (external to the skill); the skill itself does not create cron jobs or spawn sub-agents. This is consistent but the doc's claim of persistence/cron depends on external setup (not performed by the code).
Install Mechanism
No install spec — instruction-only plus one included Python script. Nothing is downloaded or written to unexpected system locations beyond its own workspace directory.
Credentials
The skill requires no environment variables, keys, or external credentials. All data is read/written to files under its aaron/ workspace directory.
Persistence & Privilege
The SKILL.md marks the agent as 'persistent' (keeps local records) but the registry flag always:false means it won't be force-installed globally. The skill writes only to its aaron/ subdirectory (dental-records.json and aaron-log.jsonl) and does not modify other agent configs, per code and containment statements.
Assessment
This skill appears internally consistent and low-risk: it runs locally, stores appointment and insurance info under /root/.openclaw/workspace/aaron, and does not access network services or require credentials. Before installing, consider: 1) Data sensitivity — the skill stores personally identifiable and health/insurance data in plaintext JSON and a log file; if this is protected health information (PHI) you should ensure filesystem access controls, encryption at rest, or use a HIPAA-compliant storage solution. 2) Runtime user — the script writes to /root/.openclaw/... so confirm it will run under an appropriately privileged account (avoid running as root if you can). 3) Cron/automation — SKILL.md references a cron job created by a third party ('Fiesta'); verify that no unexpected cron entries are added when you deploy this skill and that scheduled runs are under your control. 4) Auditing — review aaron-log.jsonl regularly and consider rotating or restricting access to the workspace directory. If you need networked features (e.g., booking with external dentist APIs), expect additional permissions/credentials and review those carefully when/if added.Like a lobster shell, security has layers — review code before you run it.
latestvk97f4wcwq1vk9amfjj8v9zdkk183tcad
License
MIT-0
Free to use, modify, and redistribute. No attribution required.