ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proactive Pa

v1.0.1

Proactive Personal Assistant behavior patterns. Transforms the agent from a reactive task-follower into a proactive partner that anticipates needs, surfaces...

0· 35·1 current·1 all-time
byNetanel Abergel@netanel-abergel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (proactive personal assistant) match the instructions: heartbeat checks, cron-based probes, memory upkeep, and proactive communications. The triggers and guardrails align with a PA that takes initiative.
!
Instruction Scope
The SKILL.md explicitly instructs the agent to read/write memory files (memory/YYYY-MM-DD.md, MEMORY.md, memory/heartbeat-state.json), run other skills (unanswered-messages), schedule crons that deliver messages to a specific phone number via WhatsApp, check email/calendar/cron health, and push to git/ClawHub. Those are broad actions touching data stores and external endpoints; the document gives concrete commands (openclaw cron add) that would send outbound messages. The skill does not include explicit consent/approval flows beyond a few guardrails, and sample commands embed a phone number and channel — so the agent could send external messages if given platform permissions.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes direct install risk because nothing is downloaded or written by an installer. The runtime risk comes from the actions the instructions tell the agent to perform, not from any installer.
!
Credentials
requires.env lists none, yet the instructions imply the need for multiple external credentials/permissions (WhatsApp or messaging provider credentials, phone routing, calendar and email API access, git/ClawHub credentials, access to other skills and workspace files). The skill does not declare primary credentials or required config paths for these capabilities, producing a mismatch between what it asks the agent to do and what it declares it needs.
Persistence & Privilege
always is false and the skill does not request system-wide changes. It instructs writing heartbeat-state.json and updating memory files, which is expected for a persistent assistant. Because it can be invoked autonomously (platform default), this increases impact if the agent is granted messaging/git/email permissions — combine that with other concerns.
What to consider before installing
This skill contains concrete instructions for autonomous checks and for sending messages and pushing code, but it doesn't declare the credentials or permissions needed to do those things. Before installing, confirm: (1) which platform credentials (WhatsApp/messaging provider, email/calendar API, git/ClawHub) the agent will use and whether they are scoped/limited; (2) whether outgoing messages to the listed phone number(s) are intended and authorized; (3) that there are approval/confirmation steps before sending messages or making public pushes; (4) where memory files are stored and how long they are retained. If you plan to enable this skill, test it in a safe environment with tightly scoped credentials and audit logs, and require explicit human approval for any first-time outbound communication or public publish action.

Like a lobster shell, security has layers — review code before you run it.

latestvk97850ey59h7w2swer0y9mwhxd842ncq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments