Glancely

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: glancely
Version: 0.3.0

The glancely bundle provides a personal tracker framework that dynamically scaffolds and executes modular components. It features high-risk capabilities including automated Python script generation (scaffolding) and arbitrary code execution of component scripts via subprocess and importlib (found in `glancely/dashboard/build.py` and `glancely/cli.py`). The scaffolding logic in `glancely/skills/scaffold_component/scripts/scaffold.py` is vulnerable to code injection because it uses simple string replacement to insert user-provided metadata (like notification text or titles) into Python templates. While these behaviors are aligned with the tool's stated purpose and no malicious intent is evident, the inherent RCE risks and filesystem modification capabilities warrant a suspicious classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may install code from outside the reviewed skill artifact.

Why it was flagged

The skill relies on installing a Python package from the package ecosystem, and the provided metadata does not include a pinned install spec.

Skill content

Install the package: `pip3 install glancely`

Recommendation

Install from a trusted package source, consider pipx or a virtual environment, and pin/verify the package version if possible.

What this means

Custom or modified tracker components can run Python code when used.

Why it was flagged

Normal use can execute local component scripts from tracker folders, which is expected for an extensible tracker framework but still worth noticing.

Skill content

If exists  read SKILL.md  run log.py.

Recommendation

Only keep trusted components under ~/.glancely/components and review generated or manually edited scripts before relying on them.

Note (Medium Confidence)

ASI10: Rogue Agents

What this means

Reminders or tracker prompts may continue running after setup according to cron configuration.

Why it was flagged

Cron support is disclosed and aligned with reminders, but it creates persistent scheduled agent activity using session-related configuration.

Skill content

If user wants cron, ask for agent_id / session info and write `~/.glancely/openclaw.toml`

Recommendation

Enable cron only when you want persistent reminders, review the generated cron/session config, and remove or disable jobs you no longer need.

What this means

Using the diary feature may grant the tool access to a Google Calendar selected by the user.

Why it was flagged

The diary/calendar path uses user-provided Google OAuth credentials, which is expected for writing diary entries to a user-owned Google Calendar.

Skill content

Google OAuth (user brings own client)

Recommendation

Use your own OAuth client, grant only the permissions needed, and avoid sharing token or credentials files.

What this means

The local Glancely data directory may contain sensitive habits, mood, diary, and reminder information.

Why it was flagged

The skill intentionally stores personal tracker entries, including raw mood replies, as persistent local data.

Skill content

`mood`  hourly check-ins with raw reply storage.

Recommendation

Keep GLANCE_HOME in a private location, be mindful of backups/sync tools, and delete stored data you no longer want retained.