Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pulse Board

v1.1.3

Universal operational digest for agent skill stacks. Every scheduled skill logs its outcome with log-append.sh. Twice daily, digest-agent.sh reads the log, c...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the implementation: scripts create ~/.pulse-board, append per-job lines, compose a digest via openclaw agent (or mechanical fallback), deliver to Telegram/Discord/log, and provide plug/unplug/install helpers. Required binaries and metadata correspond to the behavior.
Instruction Scope
Instructions and scripts do exactly what's described. They explicitly source a user-provided secrets env (if present) into cron-wrapped commands and pass the raw pending.log to the configured OpenClaw agent as prompt context — this is intentional and documented in multiple places. That behavior enlarges the privacy surface (logs may be transmitted off-host if the agent uses a remote LLM).
Install Mechanism
No remote download/install is performed — installer is an included script that writes files under the user's home and updates user crontab (via python3). No network installs or opaque external archives are used.
Credentials
No unexpected credentials or unrelated environment variables are required. Optional env vars and the secrets env file are used only to source delivery credentials and (optionally) LLM/workspace keys; install.sh only appends keys to the secrets env with explicit consent. The scope of env access is proportional to the stated functionality.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configurations. It writes only to ~/.pulse-board and the user crontab (user-level). Cron entries and registry files are created/removed via provided scripts with confirmation prompts.
Scan Findings in Context
[pre-scan-injection-signals] expected: No injection signals detected. The key behavior of concern (raw log passed to an LLM) is implemented intentionally and is documented rather than hidden, so the absence of scanner findings is consistent with the visible code.
Assessment
This skill appears to do what it says. Before installing: (1) review the secrets env file it will source and ensure it contains only credentials you are comfortable sourcing into cron jobs; (2) verify the OpenClaw agent you configure uses a local LLM (e.g., Ollama) if you want to keep raw logs on-host — otherwise the raw pending.log will be included in the prompt and may be sent to a remote LLM; (3) ensure the jobs you plug do not print secrets to stdout/stderr (Pulse Board cannot prevent wrapped jobs from echoing secrets into their detail logs); (4) confirm the exact crontab changes when prompted by install.sh. If privacy is critical, either use the mechanical fallback only, run the digest agent with a local-only OpenClaw setup, or avoid enabling LLM composition.

Like a lobster shell, security has layers — review code before you run it.
