Pulse Board

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Pulse Board appears purpose-aligned and transparent, but it intentionally adds scheduled cron jobs and can send job logs to an agent and chat services, so users should review privacy and credentials before enabling it.

Before installing, review the full install.sh and plug.sh scripts, confirm exactly which cron entries will be added, use a dedicated low-privilege/local digest agent if logs may be sensitive, and keep bot tokens, webhooks, and secrets files tightly protected.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Automated install checks may not warn users about cron, curl, Python, or OpenClaw requirements before they run the scripts manually.

Why it was flagged

Registry metadata under-declares setup/runtime needs even though SKILL.md and _meta.json describe bash, curl, python3, crontab, and optional OpenClaw use.

Skill content

Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

Recommendation

Declare the required binaries and cron/network/file capabilities in registry metadata, and review the full scripts before running install.sh.

What this means

A compromised or untrusted job could write log content that attempts to steer the summarizing agent.

Why it was flagged

Cron log text is inserted directly into a prompt sent to a configured OpenClaw agent. If logs contain adversarial instructions, they could influence the digest agent's response.

Skill content

Raw log:
$(cat "$PENDING_LOG") ... openclaw agent --agent "$LLM_AGENT" --message "$PROMPT" --json

Recommendation

Use a dedicated low-privilege or no-tool digest agent, avoid feeding untrusted job output into pending.log, and consider stronger log delimiting/sanitization.

What this means

Plugged jobs will run automatically on schedule with the configured environment, so a mistaken command or overly broad secret file could have recurring effects.

Why it was flagged

The skill can wrap selected commands, source the configured secrets environment, and add them to the user's crontab.

Skill content

echo "bash -c 'source $SECRETS_ENV && $cmd'" ... local cron_line="${cron} ${wrapped_cmd} >> ${detail_log} 2>&1 ... # pulse-board:${skill_safe}"

Recommendation

Plug only trusted jobs, inspect the generated crontab lines, and keep the sourced secrets file limited to variables those jobs truly need.

What this means

Anyone with access to the config or secrets file may be able to post through the configured bot/webhook or use available environment credentials.

Why it was flagged

Delivery uses Telegram bot tokens, Discord webhooks, and a shared OpenClaw secrets env file when configured.

Skill content

source "$HOME/.openclaw/shared/secrets/openclaw-secrets.env" ... BOT_TOKEN="$(cfg_under 'telegram' 'bot_token')" ... WEBHOOK="$(cfg_under 'discord' 'webhook_url')"

Recommendation

Use narrowly scoped bot/webhook credentials, protect config and secrets file permissions, and prefer environment variables over storing tokens in YAML when possible.

What this means

Operational logs, errors, file paths, or accidental secrets in job messages could leave the machine or be retained in agent/provider context.

Why it was flagged

The skill explicitly sends raw pending log content into the configured agent context and may indirectly transmit it to a cloud LLM.

Skill content

The raw log is included in the prompt. If your agent uses a remote/cloud LLM, log content will be transmitted off-host.

Recommendation

Use a local-only agent for sensitive logs, prevent jobs from logging secrets, and review last-digest.md before enabling remote delivery.

What this means

Pulse Board will continue running on schedule until the user removes the cron entries or uninstalls/unplugs it.

Why it was flagged

The skill persists by adding scheduled user-crontab entries, which is expected for a twice-daily digest system.

Skill content

`install.sh` | Adds two digest cron entries (`pulse-board-morning`, `pulse-board-evening`)

Recommendation

Confirm the cron entries during install and use unplug.sh or crontab -e to remove schedules you no longer want.