ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nex Life Logger

v1.0.3

Track computer activity (browser history, active windows, YouTube videos) locally and query it with AI. All activity data stays on your machine. LLM features...

1· 16·0 current·0 all-time
byNex AI@nexaiguy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description match the code: the package reads browser history, active window focus, extracts keywords and transcripts, stores them in a local SQLite DB and exposes a CLI. That capability set is coherent. HOWEVER the README and SKILL.md repeatedly state "No external API calls are made unless you explicitly configure an LLM provider." The collector code calls fetch_transcript (via the youtube-transcript-api library) and will fetch YouTube transcripts over the network even if you never configure an LLM provider. setup.sh also installs the openai package by default. This contradicts the "no external calls until configured" claim and is a meaningful mismatch between stated purpose/policy and actual behavior.
!
Instruction Scope
SKILL.md instructions are concrete (run bash setup.sh, then use the nex-life-logger CLI). The runtime instructions and examples are narrowly scoped to searching and summarizing local activity. The code follows those instructions. The problem: SKILL.md/README promise that external network calls only occur when you configure LLM; in practice the background collector will attempt to fetch YouTube transcripts (network I/O) during normal collection. The collector also copies browser DB files to temp, reads them, and securely overwrites the temp copy — those file-access actions are expected for the stated purpose.
Install Mechanism
There is no remote 'download-and-extract' install; installation is provided by the included setup.sh script, which creates a venv and pip-installs packages from PyPI (openai, psutil, youtube-transcript-api). Using PyPI is normal but requires network access during install. The script also writes a user systemd service or macOS LaunchAgent and installs a wrapper into ~/.local/bin. No untrusted third-party binary downloads or URL-shortened installers were observed. Moderate risk (persistent service + pip installs) but not unusually malicious.
Credentials
Registry metadata lists no required environment variables. The code optionally reads AI_API_KEY, AI_API_BASE, and AI_MODEL from the environment (and provides OS key-store fallback). These are reasonable and proportional to the optional LLM features. However the installer unconditionally installs the openai library and the collector fetches transcripts without requiring LLM configuration. The secure_key module will store/retrieve API keys via platform stores or a file; storing secrets to disk (even owner-only) is normal but worth awareness.
Persistence & Privilege
setup.sh creates and enables a user-level background service (systemd user or LaunchAgent) that runs the collector continuously (Restart=always/KeepAlive). That gives the skill persistent, long-running access to browser histories and active window events. That persistence is coherent with an activity-logger, but it is a high-sensitivity capability and requires explicit user consent. The skill does not set always: true in registry metadata, but the installer does enable automatic background execution.
What to consider before installing
What to consider before installing: - The collector will run as a background service and continuously read your browser history files and active window titles. This is expected for an activity logger, but it is sensitive — only install if you trust the author and understand that data will be stored locally at ~/.life-logger. - The README/skill claim "no external API calls unless you configure an LLM" is misleading: the collector fetches YouTube transcripts (network requests via the youtube-transcript-api) by default (FETCH_TRANSCRIPTS = True). If you do not want any network activity, disable transcript fetching in the code/config before starting, or run the collector with network blocked. - The installer will pip-install packages (openai, psutil, youtube-transcript-api). That requires network access during install and will add libraries to a virtualenv under ~/.life-logger/venv. - The skill offers local secure storage for API keys; if you configure an LLM provider, prefer setting AI_API_KEY in a secure environment variable or verify how keys are stored by secure_key.py (it may fallback to a base64 file or platform API calls). - Recommended actions: inspect lib/youtube_transcript.py and collector_headless.py to confirm transcript endpoints and behavior; run setup.sh manually (read it first) rather than blindly via a package manager; consider running the skill in a VM or isolated account first; review and/or customize user_filters and config (e.g., turn off FETCH_TRANSCRIPTS or add sensitive domains) before enabling the service; verify file permissions on ~/.life-logger and the systemd/LaunchAgent unit contents before enabling. - If you need absolute assurance of no network I/O, do not install or block network access for the collector process. If you proceed, be cautious about configuring an LLM API key (it grants the skill the ability to call that provider).

Like a lobster shell, security has layers — review code before you run it.

latestvk97d77w50kd4sbgx4rhh6jv9198470fx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binspython3

SKILL.md

Nex Life Logger

AI-powered local activity tracker. Your agent remembers everything you did on your computer. All activity data stays on your machine. LLM features require explicit configuration.

When to Use

Use this skill when the user asks about:

  • Their browsing history, what websites they visited
  • What they were working on yesterday, last week, this month
  • Their computer activity or screen time
  • Time spent on specific topics, websites, or applications
  • YouTube videos they watched and what was discussed in them
  • Their productivity patterns or how they spent their time
  • Searching their personal history for anything (tools, topics, projects)
  • Generating summaries of their activity (daily, weekly, monthly)
  • Keywords, topics, or tools they've been using
  • Exporting their activity data

Trigger phrases: "what was I doing", "browsing history", "computer activity", "what did I work on", "time spent", "YouTube watch history", "productivity", "what I did yesterday", "last week", "search my history"

Quick Setup

If the database does not exist yet, run the setup script:

bash setup.sh

This creates the data directory, installs dependencies in a virtual environment, initializes the database, and starts the background collector service.

Available Commands

The CLI tool is nex-life-logger. All commands output plain text.

Search

Search across all tracked data (activities, summaries, keywords, transcripts):

nex-life-logger search "docker containers"
nex-life-logger search "machine learning" --since 2026-03-01 --until 2026-04-01

Summaries

View AI-generated summaries:

nex-life-logger summary daily
nex-life-logger summary daily --date 2026-04-03
nex-life-logger summary weekly
nex-life-logger summary monthly
nex-life-logger summary yearly

Activities

View recent raw activities:

nex-life-logger activities --last 2h
nex-life-logger activities --last 1d
nex-life-logger activities --since 2026-04-03 --until 2026-04-04
nex-life-logger activities --kind youtube
nex-life-logger activities --kind search
nex-life-logger activities --kind app_focus

Keywords

View extracted keywords and topics:

nex-life-logger keywords --top 20
nex-life-logger keywords --category tool
nex-life-logger keywords --since 2026-04-01

Transcripts

View YouTube video transcripts:

nex-life-logger transcript <video_id>
nex-life-logger transcripts --last 7d

Statistics

nex-life-logger stats
nex-life-logger stats --date 2026-04-03

Generate Summaries

Generate AI summaries on demand (requires LLM configuration):

nex-life-logger generate daily
nex-life-logger generate weekly
nex-life-logger generate monthly --date 2026-03-01

Export

nex-life-logger export json --output export.json
nex-life-logger export csv --output activities.csv
nex-life-logger export html --output report.html

Service Management

nex-life-logger service status
nex-life-logger service start
nex-life-logger service stop
nex-life-logger service logs

Configuration

nex-life-logger config show
nex-life-logger config set-api-key
nex-life-logger config set-provider openai
nex-life-logger config set-model gpt-4o

Example Interactions

User: "What was I working on yesterday afternoon?" Agent runs: nex-life-logger activities --last 1d --kind url and nex-life-logger activities --last 1d --kind app_focus Agent: Presents the activities naturally, grouping by topic.

User: "How much time did I spend on YouTube this week?" Agent runs: nex-life-logger activities --last 7d --kind youtube Agent: Counts the YouTube entries and presents a summary.

User: "Show me my productivity summary for last week" Agent runs: nex-life-logger summary weekly Agent: Presents the weekly summary if it exists, or runs nex-life-logger generate weekly first.

User: "What were the main topics I researched in March?" Agent runs: nex-life-logger keywords --since 2026-03-01 --top 20 Agent: Lists the top keywords and topics.

User: "Search my history for anything related to Docker" Agent runs: nex-life-logger search "docker" Agent: Presents matching activities, summaries, and transcripts.

User: "What YouTube videos did I watch about machine learning?" Agent runs: nex-life-logger search "machine learning" and looks at transcript results. Agent: Lists the videos and summarizes what was discussed based on transcript snippets.

User: "Generate a daily summary for today" Agent runs: nex-life-logger generate daily Agent: Shows the generated summary.

User: "Give me overall stats about my tracked data" Agent runs: nex-life-logger stats Agent: Presents the statistics in a readable format.

User: "What tools and languages have I been using the most?" Agent runs: nex-life-logger keywords --category tool --top 15 and nex-life-logger keywords --category language --top 10 Agent: Combines the results into a clear overview.

User: "Export all my data to JSON" Agent runs: nex-life-logger export json --output ~/life-logger-backup.json Agent: Confirms the export location.

Output Parsing

All CLI output is plain text, structured for easy parsing:

  • Section headers followed by --- separators
  • List items prefixed with -
  • Timestamps in ISO-8601 format
  • Every command output ends with [Nex Life Logger by Nex AI | nex-ai.be]

When presenting output to the user, strip the footer line and present the information naturally. Do not show raw database paths or internal details.

Important Notes

  • All activity data is stored locally at ~/.life-logger/. No telemetry, no analytics.
  • No external API calls are made unless the user has explicitly configured an LLM provider. There are no default API endpoints.
  • The background collector must be running for new data to be collected. If the user asks about tracking and the collector is not running, suggest nex-life-logger service start.
  • LLM configuration is required for AI-powered features (summary generation). The activities, keywords, stats, search, and transcripts commands work without LLM.
  • The collector fetches YouTube transcripts from YouTube (network access) when productive videos are detected.
  • The collector tracks: browser history (Chrome, Edge, Brave, Firefox), active window focus, and YouTube transcripts.
  • Chat/messaging apps and sensitive windows (password managers, banking) are automatically filtered out.
  • Only productive content is tracked (AI, programming, design, building, learning). Entertainment, politics, and news are filtered.

Troubleshooting

  • "Database not found": Run nex-life-logger service start or bash setup.sh to initialize.
  • "LLM not configured": Run nex-life-logger config set-api-key then nex-life-logger config set-provider <name>.
  • No recent data: Check if the collector is running with nex-life-logger service status. Start it with nex-life-logger service start.
  • Empty search results: The collector may not have been running during that time period. Check nex-life-logger stats to see the data range.

Credits

Built by Nex AI (https://nex-ai.be) - Digital transformation for Belgian SMEs. Author: Kevin Blancaflor

Files

16 total
Select a file
Select a file to preview.

Comments

Loading comments…