Companion
v1.0.0Be a steady presence for those who need someone to talk to, without expectations or professional pretense.
⭐ 2· 684·1 current·1 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (a companion that remembers user details) align with the runtime instructions: the SKILL.md and supporting docs describe listening, memory files, and gentle boundaries. There are no unrelated binaries, credentials, or install steps requested that would contradict the purpose.
Instruction Scope
The instructions explicitly direct the agent to read and update files in ~/companion/ (memory.md, topics.md, routines.md, history.md). That is coherent for a memory-backed companion, but it means the skill will persist potentially sensitive personal information (health notes, family names, routines). The guidance about what to store is present, but some rules are open-ended (e.g., 'Update after significant conversations'), leaving judgment to the agent.
Install Mechanism
No install spec and no code files: instruction-only runtime behavior. This minimizes supply-chain risk because nothing is downloaded or executed by an installer.
Credentials
The skill requests no environment variables, binaries, or external credentials. The only requested resource is a directory in the user's home, which matches the skill's memory needs.
Persistence & Privilege
The skill persists user memory to ~/companion/, which is appropriate for this role. It is not flagged as always:true and does not request other skills' configs. The main privacy consideration is the presence of persistent personal data on disk (sensitive notes, health-related mentions) and the agent's discretion about what to record.
Assessment
This skill appears to do what it says: keep a local, persistent companion memory and use it to be a steady presence. Before installing, consider the following:
- Privacy of stored data: The skill will read and write files under ~/companion/ containing names, routines, and possibly health- or mood-related notes. Ensure you are comfortable storing this information on the machine where the agent runs.
- File protections: If sensitive data will be stored, set appropriate file permissions and consider encrypting the folder or avoiding storing highly sensitive details (medical diagnoses, passwords, financial information).
- Runtime location matters: If your agent runs in the cloud or on a hosted service, those memory files may be stored or backed up outside your control. Verify where the agent actually runs before allowing persistent memory.
- Review and control updates: The instructions allow the agent discretion to 'update after significant conversations.' If you want tighter control, require the agent to ask you before writing or to present summaries for confirmation.
- Crisis handling: The skill explicitly states it's not a therapist or crisis line — do not rely on it for emergencies; keep local emergency contacts and human supports available.
- Source unknown: The package metadata has no homepage and an unknown source. Although this skill is instruction-only (no installer), that increases the importance of checking where the agent runs and who controls that runtime.
If these tradeoffs are acceptable (local persistent memory, limited to ~/companion/), the skill is coherent with its purpose. If you need stronger guarantees (encrypted storage, no persistence, or cloud-exclusion), ask for those controls or avoid installing until they're provided.Like a lobster shell, security has layers — review code before you run it.
latestvk97fwbjaawzw0zcb6httssnpen8171a7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🤝 Clawdis
OSLinux · macOS · Windows