Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
schedule-reminder
v1.0.1双保险智能日程提醒系统。触发词: 提醒我、记得、别忘了、明天、后天、下午、上午、几点、会议、开会、截止、截止日期、日程、安排、计划。即使Gateway失效也能准时提醒。使用场景:(1) 用户说'提醒我XX'时创建提醒, (2) 主动从对话中捕捉日程信息, (3) 每日定时推送日程预览。支持微信、Telegram等...
⭐ 0· 173·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: scripts create reminders, keep a local backup, and send messages via the OpenClaw CLI; creating cron/launchd entries and local data files under ~/.openclaw/data is expected for the described 'double-insurance' reminder behavior.
Instruction Scope
SKILL.md and the scripts limit their actions to creating/editing files in ~/.openclaw/data, calling the openclaw CLI, and installing schedulers. There are no instructions to read unrelated system secrets or to exfiltrate data to external endpoints.
Install Mechanism
No network downloads or extraction steps; all code is included in the package. The installer writes config/runtime files and sets up cron or launchd entries — expected for a scheduler-style skill.
Credentials
The skill declares no required credentials. It does rely on the presence of node, a system scheduler (crontab/launchd) and the OpenClaw CLI (resolved as OPENCLAW_BIN or discovered at install). That dependency is proportional to sending notifications via OpenClaw, but you should confirm the openclaw binary is the expected/trusted CLI on your system.
Persistence & Privilege
Installer modifies the user's crontab (on Linux) or writes LaunchAgents plists and loads them (on macOS) to run backup/daily tasks (per-minute and daily). This persistent scheduling is necessary for the 'backup' behavior but does change user schedulers and creates files under ~/.openclaw — review before installing.
Assessment
This package appears to do what it says: it stores reminders in ~/.openclaw/data, uses the OpenClaw CLI to send notifications, and installs system scheduling (crontab or launchd) for the fallback mechanism. Before installing: (1) review the scripts (they are included) and confirm you trust the OpenClaw CLI that will be invoked; (2) be aware the installer will add entries to your crontab or create LaunchAgents and will write files and logs under ~/.openclaw/data; (3) ensure you are comfortable granting the installer permission to modify your crontab/LaunchAgents; (4) edit schedule-reminder-config.json to set your userId (needed to send messages). No external downloads, secret exfiltration, or unrelated credential requests were found.scripts/create-reminder.mjs:160
Shell command execution detected (child_process).
scripts/daily-brief.mjs:99
Shell command execution detected (child_process).
scripts/install.mjs:30
Shell command execution detected (child_process).
scripts/reminder-backup.mjs:85
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97f7p03p2v5ewhftbrf7e26xx83wh41
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⏰ Clawdis