Morning Briefing Generator
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for making a morning briefing, but it asks users to connect sensitive accounts and optionally schedule automated delivery of private information.
Before installing or using this skill, decide which accounts you really want included, grant the narrowest permissions available, avoid putting secrets in TOOLS.md or HEARTBEAT.md, and only enable the cron/Telegram automation after confirming where the briefing will be sent.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Connecting these accounts may allow the agent or its tools to read sensitive email, calendar, task, and messaging information.
The skill expects access to calendar, email, and messaging credentials. This is purpose-aligned for a briefing generator, but those permissions can expose private personal or work data.
- Google Calendar (OAuth) - Gmail (OAuth) ... - Verify bot token in .env
Use least-privilege OAuth scopes where possible, connect only accounts needed for the briefing, and revoke tokens if you stop using the skill.
Those preferences may be reused in future agent sessions and could reveal private account or health context to anyone with access to the files.
The skill suggests storing personal preferences, account identifiers, and health-related briefing rules in persistent agent configuration files.
Add to `TOOLS.md` or `HEARTBEAT.md`: ... - Calendar: work@company.com, personal@gmail.com - Email Accounts: work@company.com, personal@gmail.com - Additional: Include Oura Ring sleep score if below 70%
Do not store secrets in these files, keep the preferences minimal, and remove or update the entries when they are no longer needed.
Sensitive briefing contents could be delivered to the wrong chat, workspace, or provider account if the destination is misconfigured.
The briefing may be automatically sent through an external messaging provider and can contain private email, calendar, task, and health summaries.
Create a cron job that runs every weekday at 7am. Generate my morning briefing and send it via Telegram.
Confirm the exact delivery destination, avoid including highly sensitive fields unless needed, and test with non-sensitive output first.
A scheduled briefing could keep accessing accounts and sending private summaries even when you no longer expect it.
The skill documents a recurring scheduled workflow. It is disclosed and user-directed, but it can continue running after setup until disabled.
### Automated Daily Briefing (Cron) ``` Create a cron job that runs every weekday at 7am. Generate my morning briefing and send it via Telegram. ```
Set up cron only if you want recurring automation, document where the job is installed, and remove or disable it when no longer needed.