DreamCycle
Pass
Audited by ClawScan on May 8, 2026.
Overview
DreamCycle appears to be a coherent log-analysis skill, but it installs an external CLI and reads/persists information derived from potentially sensitive agent session logs.
This skill looks purpose-aligned and does not show malicious behavior in the provided artifacts. Before installing, verify the external dreamcycle package source and run diagnostics only on log folders you are comfortable processing, especially because agent session logs may contain private prompts, tool outputs, or secrets.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may run package code that was not included in this review.
The skill directs installation of an external Python package, but the provided artifact set contains only SKILL.md and no package code to inspect. This is purpose-aligned for a CLI skill, but users should verify the package source.
pip install dreamcycle
Install only from a trusted package source, verify the GitHub/PyPI identity, and consider pinning or reviewing the package before use.
Private prompts, outputs, or failure details in session logs may be processed and summarized into a persistent local history file.
The skill is designed to read agent message logs and persist trend history. That is disclosed and central to the purpose, but session logs can contain sensitive user data or misleading content that could affect future trend analysis.
Session files must be JSON format with a `messages` array containing `role`/`content` fields ... Trend data is stored at `~/.dreamcycle/scan_history.json`
Run it only on intended log directories, avoid logs containing secrets when possible, and delete or inspect ~/.dreamcycle/scan_history.json if you do not want retained trend data.
