Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily Planner
v1.0.0
Plan and manage your day with prioritized tasks, calendar blocking, energy-based scheduling, and automatic commitment tracking and reminders.
by Iván @ivangdavila
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
The name and description (daily planning, calendar blocking, commitment tracking) match the instructions: the agent reads calendar/events, schedules blocks, logs commitments, and writes plan files under ~/planner/. However, the runtime instructions assume the ability to read calendars, emails, notifications, and to send/reschedule calendar events and replies. The skill declares no required credentials or connectors — that omission is noteworthy (it may rely on platform-provided connectors, but the skill doesn't document or limit the scopes it needs).
Instruction Scope
SKILL.md instructs the agent to "pull calendar events," read "emails flagged as 'needs decision' (if email access)", extract commitments from conversations automatically, pause notifications, enable auto-replies, reschedule meetings, draft/send summaries and notifications, and share daily summaries with partners. Those actions can read and transmit sensitive data and perform outbound actions on the user's behalf. The instructions give broad discretion ("log automatically", "if agent has control", "after approval: reschedule and draft notifications") without explicit user-consent checkpoints or limiting rules, increasing risk of unwanted data exposure or automated outbound actions.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk install model: nothing is downloaded or written by the installer beyond the normal skill metadata. The only persistent footprint is the described ~/planner/ directory written at runtime.
Credentials
The registry metadata lists no required environment variables or credentials, yet the skill implicitly needs access to calendar APIs, email, notification controls, and possibly contacts to send summaries/reminders. The absence of declared credentials isn't itself malicious (the platform may supply connectors) but the skill should explicitly document required integrations and the exact scopes (read calendar, write calendar, send email, access messages) so users can grant minimal permissions. Also, automatic extraction of commitments from conversations could capture unrelated sensitive content.
Persistence & Privilege
The skill writes persistent files under ~/planner/ (config, today, commitments, weekly, archive). That persistence is expected for a planner, but combined with autonomous invocation (model invocation allowed by default) and instructions to auto-log commitments and send/reschedule messages, there is potential for the agent to act without fine-grained user approval. always:false reduces immediate concern, but there are no explicit safeguards in the instructions (e.g., read-only mode, explicit approval flows, or audit logs) for outbound actions.
What to consider before installing
Before installing, confirm which integrations this skill will use (calendar, email, contacts, notifications) and require it to list exact scopes (read calendar, create events, send email, read messages). Ask the vendor/author to: (1) require explicit consent for automatic actions (auto-send, reschedule, auto-replies) and provide an opt-in toggle; (2) add a confirmation step before logging commitments extracted from conversations; (3) document where files in ~/planner/ are stored and how to delete them; (4) show an audit log of outbound actions; and (5) request least-privilege connectors (read-only where appropriate). If you cannot get clear, scoped permissions and explicit consent controls, treat this skill as high-risk for privacy and automated outbound actions and avoid granting it write/send permissions.
Like a lobster shell, security has layers — review code before you run it.
latestvk977exea2gxtc61aj7e48ndqch814p1m
Runtime requirements
📆 Clawdis
OS: Linux · macOS · Windows
