ClawBoss - AI Productivity Coach

What to check before installing or enabling ClawBoss: - Source and distribution: SKILL.md suggests installing via `npx clawboss@latest`, but the registry metadata lists no install spec and source/homepage are missing. If you plan to use npx, inspect the package on npm (publisher, version, tamper history) and the GitHub repo referenced in SKILL.md before running it. - Review files that will be written: The skill will create/modify files under your OpenClaw workspace (memory/tasks/*.md and memory/clawboss-state.json) and may inject templates into workspace files or require adding entries to openclaw.json. Back up existing workspace data and inspect any templates it will inject. - Inspect the remaining code not fully shown (state-manager.js and any omitted files) for unexpected network calls, unusual filesystem paths, or code that modifies system-wide configs. The reviewed files do not show outgoing network activity, but the omitted files are important to verify. - Persona and privacy: The persona set includes an 'intimate-partner' voice that uses affectionate language. That can encourage personal disclosures. If you want a strictly professional tone, switch persona to a coach/mentor/buddy style or inspect persona defaults. - Installation preference: Prefer manual install by copying the provided skill files into your skills directory so you can audit the code, rather than running npx blindly. If you must use npx, first confirm the npm package identity and inspect package contents. - If you lack the ability to audit the rest of the code, treat this as higher-risk: either refrain from network installs or run the skill in a restricted environment. If you want, I can (a) point out the specific locations to inspect in the omitted state-manager file, (b) search the repo manifest for HEARTBEAT.md / templates it plans to inject, or (c) help craft a checklist for auditing the npm package before running `npx`.