Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Daydreamer

v1.0.3

Use this skill when the user says "daydream", "start daydreaming", "force a daydream", "run daydream cycles", or when a scheduled daydream is triggered. Also...

by Huck (@jhuckobey)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description, bundled Python conductor, and use of WebSearch + file Read/Write align with a 'daydream' memory-traversal feature. Requesting no external credentials and only Python 3.8+ is proportionate. However, the skill explicitly instructs the agent to read Claude Code session log JSONL files to 'seed' memories — that capability (reading prior session logs) is consistent with generating memories but is broader than a naive 'idea generator' and should be explicit to users.
Instruction Scope
SKILL.md instructs the script/agent to parse all accumulated memories and (on first install/seed) to identify and read Claude Code session log files, extract 'meaningful events', and write them into Daydreams.MD. It also specifies that each cycle's prompt contains the full accumulated context from every previous cycle. These instructions give the agent wide latitude to read conversation logs and persist potentially sensitive content into new files without tight, automated consent checks.
Install Mechanism
No install spec — instruction-only plus a bundled script. No network downloads or package installs were requested, which is low risk from an install/execution standpoint.
Credentials
No required environment variables or external credentials are declared (which is appropriate). The skill will read and write files under the workspace root, and uses DAYDREAM_WORKSPACE if provided. The risk is not from credentials but from scope: the skill asks to read session log files (which may contain sensitive conversations) and store extracted text in persistent files (Daydreams.MD, Daydreamlog.MD, ideas/), which can leak or permanently store sensitive content.
Persistence & Privilege
The always flag is false and the skill does not request system-wide changes. It creates files and a .daydream-session exchange directory in the workspace and persists session_state.json. That local persistence is expected, but because state and logs accumulate full-context prompts/responses, the skill can cause long-term storage of conversation content in the user's workspace.
What to consider before installing
This skill appears to do what it says — iteratively 'daydreaming' over stored memories — but it explicitly asks the agent to read session log files and to persist extracted events and the full accumulated context into files. Before installing or enabling it:
1) Review daydream.py (especially the seed-memories and any file-search code) to confirm which filesystem paths it will read and that it does not walk outside a safe workspace.
2) Run the skill only in a dedicated directory that contains non-sensitive logs (set DAYDREAM_WORKSPACE to an isolated folder).
3) Be aware that the skill will write Daydreams.MD, Daydreamlog.MD, ideas/, and .daydream-session; these may contain excerpts of conversations or secrets unless you limit the input files.
4) If you do not want prior conversation logs parsed, do not run the seed step, or remove/inspect the Claude Code JSONL files beforehand.
5) If you need higher assurance, request the full daydream.py source (the file is bundled) and check for any code that reads paths outside the workspace, transmits data externally, or executes downloaded code.
The medium confidence reflects that parts of the script were truncated in the provided text — reviewing the full script (seed/search behavior) would raise confidence and could move this to 'benign' if it only touches the workspace as stated.
