Mind-Wander

Key points to consider before installing: - Missing declarations: The registry metadata says "no required env vars/config paths", but the code reads environment variables (WANDER_OLLAMA, FALKORDB_HOST/PORT, PERPLEXITY_API_KEY, OPENCLAW_WORKSPACE) and the installer reads ~/.openclaw/openclaw.json. Expect to provide or allow access to these if you run the installer. - Installer side effects: install.sh will (unless you run with --dry-run or --skip-download) download a large GGUF model from a third-party Hugging Face repo and attempt to register a cron job on your OpenClaw gateway using a token in ~/.openclaw/openclaw.json. If you do not want the skill to create scheduled autonomous runs, do not allow it to access your gateway token; run the installer with --dry-run and perform manual cron registration instead. - Missing helper: The installer references scripts/register_model.py but that file is not present in the provided manifest. Expect the automatic model registration step to fail unless you supply or author the missing script or run manual model registration. - Sandbox is weak: The agent accepts arbitrary Python snippets and executes them via subprocess.run; the code blocks many obvious dangerous strings but runs the snippet in a plain Python subprocess without sandboxing (no chroot, no seccomp, no strict resource isolation beyond a timeout). Treat sandbox_run as potentially unsafe; run the skill only in an isolated environment (VM/container) if you will allow it to execute model-supplied code. - Data access & exfiltration surface: The agent reads and writes workspace files (ON_YOUR_MIND.md, MENTAL_EXPLORATION.md, completions/). It also attempts network access to Ollama and Perplexity and reads ~/.openclaw/openclaw.json for tokens. If those files or services contain sensitive tokens/notes, the agent could read them. The skill does not declare those accesses in registry metadata. Recommendations: - Run a dry-run of install.sh first: bash install.sh --dry-run to see intended actions. - Inspect the missing register_model.py or run model registration manually; avoid giving the installer gateway credentials. Use --skip-download if Ollama already has the model. - If you want to test: run inside an isolated VM or container and ensure your real ~/ .openclaw/openclaw.json and other sensitive files are not mounted into the test environment. - If you will grant gateway access, rotate the gateway token after install and audit the created cron job entry. - If you need this capability but want less risk: ask the author for a version that does not attempt automatic gateway cron registration and that documents required env vars/config paths explicitly. Given these mismatches, exercise caution and treat the skill as potentially intrusive until you either (a) run it in an isolated environment, or (b) confirm and restrict the installer's gateway/token access and review the missing helper scripts.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.