Quick Reminders
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: quick-reminders Version: 1.1.4 The 'quick-reminders' skill is designed for one-shot reminders and appears benign. The `SKILL.md` provides clear instructions for the agent, including guardrails and message composition guidelines, without any evidence of prompt injection attempts to subvert the agent. The `nohup-reminder.sh` script uses `nohup` and `sleep` to schedule reminders, leveraging `jq` for JSON management and `openclaw message send` for delivery. It employs robust shell scripting practices, such as `set -euo pipefail`, file-based locking, atomic JSON updates, and careful argument handling for the `nohup bash -c` command to mitigate shell injection risks. Temporary message files are created with `umask 077` for security, and PIDs are validated before `kill` operations. The `README.md` provides transparent documentation on data access, security considerations, and limitations, confirming no credential handling or unauthorized data exfiltration. All operations align with the stated purpose of a reminder skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A background process remains active until the reminder fires or is canceled, and reminders will not survive a machine reboot.
The skill intentionally leaves a local process running after the initial request so the reminder can fire later; this is disclosed and purpose-aligned.
Each reminder spawns **one detached `nohup` process** that sleeps for the specified duration, then calls `openclaw message send` and self-removes from `reminders.json`.
Use this for short reminders only, and use the provided list/remove commands to review or cancel pending reminders.
If the channel or target is wrong, the reminder message could be sent to the wrong chat or contact.
The reminder is delivered using the user's already configured OpenClaw messaging authority.
openclaw message send --channel "$channel" --target "$target" --message "$(cat "$msg_file")"
Verify the channel and target in TOOLS.md or in the command before relying on the skill.
Reminder text and chat or phone identifiers may remain in local files until the reminder is fired, canceled, or cleaned up.
The skill persists delivery target information and active reminder text/metadata in local files so future reminders can be sent correctly.
`TOOLS.md` | Read (always), write (once, if delivery target missing) ... `./reminders.json` | Read/write | Tracks active reminders
Avoid putting highly sensitive content in reminder text, and review or delete TOOLS.md entries and reminders.json if needed.