ClawHub

Life Logging Analyzer

v1.0.0

Analyze fragmented life data from calendars, health apps, and notes to identify patterns, trends, and build a personal timeline narrative.

0· 44·0 current·0 all-time
by@kingofzhao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the instructions: extract patterns from calendars, notes, photos metadata, health apps, etc. The skill does not request unrelated credentials, binaries, or config paths, which is consistent with an analysis/aggregation tool.
Instruction Scope
SKILL.md gives high-level steps (identify available data sources, normalize time series, run 5‑dimensional analysis, generate reports). It does not specify how the agent should access data (user-provided exports vs. reading local system files or invoking external APIs). That ambiguity gives the agent broad discretion at runtime—acceptable if the agent prompts users to supply exports, but risky if it attempts to access account tokens or system files without explicit consent.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes on-disk risk—nothing is fetched or installed by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. This is proportionate to the stated purpose as long as the agent asks the user to provide or upload the necessary data rather than requesting account credentials.
Persistence & Privilege
always:false and user-invocable:true (defaults). The skill can be invoked autonomously by the agent per platform defaults, but it does not request persistent presence or modify other skills or system configuration.
Assessment
This skill appears coherent with its purpose and is low-risk as provided (no installs, no credentials). Before using it: 1) Confirm how it will obtain your data—prefer uploading/exporting files (calendar .ics, photo metadata, health export) rather than granting account tokens or filesystem access. 2) Do not share cloud passwords, OAuth tokens, or platform keys; provide only the minimum exports or samples needed. 3) Because the skill's source and homepage are unknown, ask the publisher for a privacy statement or viewable implementation (or use open-source alternatives) before sending sensitive health/location data. 4) If the agent asks to read local files or connect to third-party services, decline until you understand and approve the exact access method. Following these steps will reduce the risk of accidental data leakage.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c572054yysbn3qk0s9jpbnd8402g0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments