ClawHub
Back to skill
v1.0.0

Morning Manifesto

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:51 AM.

Analysis

The workflow is coherent and disclosed, but it deserves review because it can automatically change Apple Reminders from free-form responses and access personal/work systems.

GuidanceBefore installing, decide whether you are comfortable with the agent writing to your Obsidian vault, creating and updating Apple Reminders, and reading urgent Linear issues across all teams. The safest improvement would be requiring a review-and-confirm step before any Reminder changes are made.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
For each task/commitment mentioned:
- **If task exists**: Update its due date to today
- **If new task**: Create a new reminder with due date today

This directs the agent to mutate Apple Reminders automatically from parsed free-form user input, including changing existing reminder due dates, without an explicit preview or approval step.

User impactA misparsed or ambiguous morning response could create unwanted reminders or change the due dates of existing reminders.
RecommendationAdd a confirmation step that shows the exact reminders to create or update, including the matched existing reminder, before making changes.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Query all teams for issues with priority = urgent (1).

The Linear access is disclosed and read-only in the instructions, but querying all teams can expose broad workspace data depending on the user's Linear permissions.

User impactThe final summary may include urgent issues from every Linear team the connected account can access, not just a specific project or team.
RecommendationConsider limiting the Linear query to selected teams or asking the user which teams should be included.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Parse the response and append to today's note in the Obsidian vault (🔥 Fires).

The skill intentionally stores personal daily reflection content in a persistent local knowledge base, which is purpose-aligned but sensitive.

User impactPrivate reflections, tasks, and priorities may become part of a persistent Obsidian note and could be reused or searched later depending on the user's Obsidian setup.
RecommendationUse this only with the intended vault and avoid including information you do not want stored in daily notes.
Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
Use the `apple-reminders` skill for this

The workflow delegates reminder creation and updates to another skill, so task details are passed across a skill boundary.

User impactReminder data and parsed tasks may be handled by the separate apple-reminders skill, whose behavior and permissions are not described in this artifact.
RecommendationReview the apple-reminders skill separately and confirm it only performs the expected Reminder operations.