Outbound Auto Setup

This skill largely implements what it claims but has several issues you should address before installing: - Missing/undeclared dependencies: the code calls external commands (remindctl) and a script node create-cron-job.js, but the registry metadata lists no required binaries and create-cron-job.js is not included — expect runtime failures or silent behavior. Install and verify remindctl yourself or provide the missing cron-creation script. - Privacy: the hook logs full message text plus userId and channelId to ~/.openclaw/logs/outbound-auto-setup.log and writes to ~/.openclaw/workspace/memory/pending-tasks.md. If you enable this hook, those files will contain message contents and identifiers. Review/logrotate or restrict access if that is sensitive. - Autonomy vs confirmation: SKILL.md says it will ask first-time users for confirmation, but the code defaults CONFIG.enabled = true (and hook config enabled true). If you want manual approval, set CONFIG.enabled = false or don't enable the hook until you review code. - child_process.exec usage: the code shells out (exec). That works for integration but can be risky if commands or arguments are constructed from untrusted data. Review the command construction (remindctl arguments) and consider sanitizing inputs. Recommended steps before enabling: 1. Inspect the code locally and run tests (npm test). 2. Provide or review the missing create-cron-job.js or modify setupOutbound to a safe, included implementation. 3. Install and test remindctl in a controlled environment. 4. Set CONFIG.enabled = false until you're ready, and verify log/pending file locations and access controls. 5. If you need stricter behavior, modify the skill to require explicit user confirmation before creating reminders.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.