Quick Reminders

Security checks across malware telemetry and agentic risk

Overview

This is a transparent reminder skill that stores reminder text locally and sends it later through the user’s configured OpenClaw messaging channel.

Install this only if you are comfortable with reminder text, timing metadata, and delivery targets being stored locally and sent through your configured OpenClaw messaging account. Avoid sensitive reminder contents, verify the channel and target in `TOOLS.md`, and use list/remove commands to review or cancel pending reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The script accepts a user-supplied `--channel` value and passes it directly to `openclaw message send`, while the skill metadata describes a reminder flow centered on a specific target mechanism. That expands the data-exfiltration surface beyond the declared behavior, allowing reminder contents to be routed over arbitrary messaging channels if the caller can invoke the script.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill description promises one-shot reminders under 48 hours, but `parse_time` only checks that the timestamp is in the future and never enforces a maximum delay. This enables long-lived persistence well beyond the advertised scope, which increases surprise, data retention time, and misuse potential.

Vague Triggers

Medium
Confidence: 90%
Finding
The README explicitly states that model invocation is enabled so the agent can create reminders autonomously from natural conversation. In a messaging/assistant context, broad natural-language triggering can cause unintended reminder creation from ordinary chat, creating actions without sufficiently explicit user intent. The risk is amplified because the skill also persists state and can write discovered delivery targets to `TOOLS.md`.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly sends reminder content through external messaging channels like Telegram, WhatsApp, Discord, Signal, and iMessage, but provides no user-facing disclosure that reminder text and metadata will be transmitted to third-party services. Because reminders may contain sensitive personal content, this can cause unintended privacy exposure and weak informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to extract delivery targets from session context and persist them into `TOOLS.md`, which creates unnecessary storage of contact identifiers such as chat IDs or phone numbers. Persisting these identifiers without minimization, retention limits, or disclosure increases the risk of privacy leakage, unintended reuse, and exposure through workspace files.

Missing User Warnings

Medium
Confidence: 87%
Finding
Reminder text is written in plaintext to `/tmp` and retained until the reminder fires or is removed. Even with `umask 077`, this creates at-rest storage of potentially sensitive user content outside the main JSON store and without any explicit disclosure, increasing privacy and forensic exposure.

Missing User Warnings

Medium
Confidence: 89%
Finding
A detached background process later transmits the stored reminder text via `openclaw message send`, which is an outbound side effect occurring after the initiating session ends. In a skill context, delayed autonomous delivery without prominent consent or disclosure is privacy-relevant because users may not realize content will be persisted and sent later.

VirusTotal

64/64 vendors flagged this skill as clean.