Daily Briefing
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches a daily briefing purpose, but its default cron and send scripts can automatically send the briefing to a hard-coded personal iMessage address.
Do not enable the cron job or run the send script until you have changed the recipient, reviewed which sections are included, and decided whether calendar and cost-tracking data should be sent. If you only want a local briefing, run the generator without iMessage delivery and disable or remove the bundled cron configuration.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with the default recipient or the bundled cron instructions, your Messages account could send private briefing content to someone else.
The script uses the user's iMessage account to send the generated briefing, and its fallback recipient is a hard-coded personal address rather than an explicitly configured installing-user address.
RECIPIENT="${1:-paulkingham@mac.com}" ... imsg send --to "$RECIPIENT" --text "$briefing"Remove the hard-coded fallback, require an explicit local recipient configuration, and confirm the destination before enabling scheduled sends.
Private calendar titles and daily schedule details may be included in an outbound message without per-calendar filtering or redaction.
The Calendar fallback reads event summaries from all macOS calendars for the day. That is sensitive local data, and the skill's delivery path is configured elsewhere to send the generated briefing via iMessage.
repeat with cal in calendars ... set evt_summary to summary of evt ... return event_list as string
Add calendar selection, redaction controls, and an explicit opt-in for including calendar details before sending the briefing.
A wrong recipient or unwanted data section could be sent every morning until the cron job is disabled or corrected.
The cron artifact defines a persistent daily agent turn that sends the briefing to the hard-coded address, so the behavior can repeat automatically once enabled.
schedule: "0 7 * * *" ... kind: "agentTurn" ... "send it to paulkingham@mac.com via iMessage" ... enabled: true
Disable the bundled cron job by default, require user setup of the recipient and schedule, and provide clear instructions for deleting or pausing the job.
You may need to install third-party tools that can access messaging or local AI-usage data.
The briefing's messaging and cost-tracking features depend on external Homebrew tap tools; this is purpose-aligned but should be reviewed before installation.
imsg (for iMessage delivery: brew install steipete/tap/imsg) ... codexbar (optional, for cost tracking: brew install steipete/tap/codexbar)
Install these dependencies only from trusted sources and understand their permissions before enabling iMessage delivery or cost tracking.