schedule-reminder

Security checks across malware telemetry and agentic risk

Overview

This is a reminder skill that creates local and OpenClaw scheduled reminders, with disclosed background jobs and messaging behavior that fit its stated purpose.

Install only if you want a background reminder service. Review the configured userId, accountId, channel, and timezone before use, avoid putting secrets in reminder or advisor text, and be prepared to remove the crontab or LaunchAgent entries manually if you uninstall it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The script accepts arbitrary advisor JSON from the CLI and persists it under the reminder record even though reminder creation only requires scheduling metadata. In a reminder skill, this broadens data collection and retention beyond the declared purpose, increasing privacy risk if sensitive conversation-derived insights are stored in plaintext and later exposed through local compromise, logs, backups, or other components reading the file.

Vague Triggers

High
Confidence
92% confidence
Finding
The phrase '主动从对话中捕捉日程信息' ("proactively capture schedule information from conversations") permits passive extraction of scheduling data from general conversation, but the skill does not define clear limits, exclusions, or a strict confirmation requirement before action. Because the skill stores reminders and can push notifications daily or through external channels, unclear activation boundaries increase the chance of collecting and operationalizing sensitive personal information without meaningful user intent.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The phrase '主动从对话中捕捉日程信息' ("proactively capture schedule information from conversations") permits passive extraction of scheduling data from general conversation, but the skill does not define clear limits, exclusions, or a strict confirmation requirement before action. Because the skill stores reminders and can push notifications daily or through external channels, unclear activation boundaries increase the chance of collecting and operationalizing sensitive personal information without meaningful user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises daily automatic schedule previews and delivery through WeChat, Telegram, and other channels, but it does not clearly disclose what conversation-derived data may be stored, how long it is retained, or what is transmitted to external messaging systems. In a reminder skill, schedule content can contain sensitive personal or business information, so missing transparency and consent materially increases privacy and data-leak risk.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The skill states that the timezone defaults to 'Asia/Shanghai' without indicating user choice or explicit confirmation, which can cause reminders to be scheduled and sent at the wrong local time. In a scheduling/reminder skill, incorrect time interpretation directly undermines integrity of the core function and can lead to missed meetings, deadlines, or privacy issues if notifications are sent at inappropriate times.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends a compiled daily briefing containing schedule details, event names, and advisory notes to an external messaging channel via the `openclaw message send` command, but there is no explicit consent check, notification, or minimization at send time. In a scheduling skill, this data is inherently sensitive, and misconfiguration of `userId`, `primaryChannel`, or the messaging backend could expose private calendar information to an unintended recipient.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installer persistently writes configuration/data files and registers scheduled jobs (cron or launchd) automatically during installation, without an explicit opt-in step. Even if intended for reminder functionality, silent persistence is security-relevant because it creates recurring execution and background behavior that a user may not fully understand or consent to.

VirusTotal

65/65 vendors flagged this skill as clean.
