v1.1.0

OpenClaw Heartbeat Designer

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:16 AM.

Analysis

This is a no-code planner for HEARTBEAT.md and cron schedules; no hidden execution or credential use is shown, but users should review recurring checks before enabling them.

Guidance: This skill appears safe as an instruction-only planner. Before turning its output into real OpenClaw cron jobs, review each HEARTBEAT.md item, keep sensitive account checks narrowly scoped, require confirmation for any changes such as labeling emails or canceling subscriptions, and ensure recurring jobs can be disabled.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
CRON.md
openclaw cron add "邮件心跳" "0,30 * * * *" --heartbeat

This documents a user-directed way to create recurring OpenClaw heartbeat jobs; recurring automation is disclosed and central to the skill.

User impact: If the user runs similar cron commands, checks may continue on a schedule until they are changed or removed.
Recommendation: Only add schedules you intend to keep, follow the skill's ≤5 heartbeat guidance, and make sure you know how to disable or remove each cron job.
Tool Misuse and Exploitation
Severity: Low | Confidence: Medium | Status: Note
SCENARIOS.md
Flag important emails (judged by sender/subject) ... Unwanted subscriptions (cancel)

Some checklist wording can be read as changing account state rather than only observing it; this is purpose-adjacent but should not become automatic mutation without approval.

User impact: If a generated heartbeat is later connected to account tools, it could label messages or cancel services unexpectedly if treated as an instruction to act automatically.
Recommendation: Rewrite generated checklists as 'identify' or 'recommend' actions, and require explicit user confirmation before labeling, canceling, deleting, posting, or changing account data.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SCENARIOS.md
Email check: check inbox (last 30 minutes) ... Password security check: multi-device login check / abnormal login records

Several recommended heartbeat templates involve private mailbox, account-security, or other sensitive account data; the skill does not request credentials, but downstream use may require account permissions.

User impact: If these templates are later connected to real integrations, the agent could be given access to private account or security information.
Recommendation: Use least-privilege integrations, select only the needed data sources, and avoid granting broad mailbox, password-vault, admin, or financial-account access unless explicitly necessary.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
**HEARTBEAT.md** — inspection checklist (ready to use)

The generated HEARTBEAT.md is a reusable instruction artifact for future heartbeat runs; this is expected, but broad or stale instructions could influence later automation.

User impact: Future scheduled checks may keep following the saved file after the original conversation ends.
Recommendation: Review the generated HEARTBEAT.md before saving it, keep it narrowly scoped, remove stale tasks, and do not store secrets in the file.