Patrick bot
Warn
Audited by ClawScan on May 10, 2026.
Overview
Patrick is a purpose-aligned executive-expertise integration, but it asks the agent to gather broad private company data and can store/send results without clear data-boundary controls.
Install only if you are comfortable giving this workflow access to selected company context. Do not allow automatic reading of all Slack, JIRA, calendar, git, or operational data without explicit limits; review any output before using `send`; treat the license as a secret; and enable cronjobs only intentionally.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could read and reason over far more private company information than the user expected, including employee communications, tickets, calendars, and repository history.
This directs the agent to ingest broad, sensitive organizational data without clear path limits, exclusions, user approval points, retention rules, or guidance to treat retrieved content as untrusted.
Before running any Patrick expertise, you MUST... Read all available context: ... Slack message archives ... JIRA tickets ... Git commit history ... Calendar events ... Any operational data available ... Load this context into your working memory
Use only with explicitly selected data sources. Add allowlists, exclusions for secrets/personnel/private channels, and approval before loading or summarizing sensitive company data.
Executive summaries or analyses derived from sensitive company data could be stored or transmitted through Patrick in ways the user has not reviewed.
The skill supports bidirectional storage or transfer of generated results, but the artifacts do not clearly define what data may be sent, where it is retained, or what approval is required before sending.
`send` | Store results back to Patrick | `patrick-cli send daily-briefing --data @output.json` ... `get` = Retrieve your stored data/results THAT YOU SENT BACK
Review outputs before using `patrick-cli send`, avoid sending raw sensitive records, and require clear retention, deletion, and destination documentation from the provider.
The license may become visible in chat history or agent logs, and the agent can configure Patrick access for that account.
A Patrick license is an account credential. Asking for it in chat is purpose-aligned for setup, but it is sensitive and the registry metadata declares no primary credential.
Once you have your license, send it to me via chat: `Here's my Patrick license: <paste-your-license-here>` ... I'll configure it automatically.
Treat the license like a secret. Prefer a secret manager or manual CLI entry, and rotate or revoke the license if it is exposed in shared transcripts.
Installing the skill means trusting the remote Patrick download endpoint to provide the executable that will run locally.
The installer downloads an executable and its checksum from the same remote base URL. This is expected for the CLI install, but provenance depends on the Patrick server or any overridden PATRICK_SERVER_URL.
BASE_URL="${PATRICK_SERVER_URL:-https://portal.patrickbot.io}/downloads/latest" ... curl -fL "${BASE_URL}/${BINARY_NAME}" -o "$INSTALL_DIR/patrick-cli" ... curl -fsSL "${BASE_URL}/checksums-sha256.txt"
Install only from the official source, avoid overriding the server URL unless you control it, and prefer independently signed or pinned releases when available.
Patrick commands may run automatically on a schedule without interactive review each time.
The documentation recommends recurring scheduled activity. It is disclosed and user-configured, but it can keep contacting the service and running tasks after the initial setup.
Patrick requires scheduled cronjobs to function properly ... License auto-renewal in cron ... `patrick-cli renew` ... `patrick-cli fetch daily-briefing --json`
Create cronjobs only after reviewing the exact commands, data paths, logs, and renewal behavior; disable them when no longer needed.
