Skill v1.0.0

ClawScan security

Daily Brief Digest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 13, 2026, 11:42 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill is mostly coherent with its stated purpose (reading local email/calendar, assembling a digest, and saving a log) but has a few concerning omissions and privacy risks — notably it persistently writes full reports to your home directory and relies on local CLIs (himalaya, gog) that are not declared in the registry metadata.
Guidance
What to consider before installing:
- This skill reads your local email and calendar using the himalaya and gog CLIs and will save full digests as permanent Markdown files in ~/.openclaw/cron/DailyDigest_logs/ by default. If you keep sensitive content in email/calendar, these logs will persist on disk.
- The registry metadata does not declare the required binaries (himalaya, gog). Confirm those tools exist and are what you expect before running the skill.
- The skill will send a short notification via the platform's `message` tool to your configured channel (Telegram/WhatsApp/Webchat). Decide whether you're comfortable with summaries being posted to those external channels.
- If you want to reduce risk: modify scripts/digest.js to avoid storing full message bodies (or encrypt/limit stored fields), change the log location or permissions, require manual approval before saving/sending, or disable cron automatic scheduling until you've reviewed behavior.
Given these facts, the skill appears to do what it claims but has privacy and manifest inconsistencies worth addressing before enabling automated runs.

Review Dimensions

Purpose & Capability
note: The skill's description (email via himalaya, calendar via gog, plus news) matches the code and instructions. However, the registry declares no required binaries while SKILL.md and scripts/digest.js clearly depend on local CLIs (himalaya and gog). That omission is an inconsistency the user should be aware of.
Instruction Scope
concern: Instructions explicitly tell the agent to read local email (himalaya) and calendar (gog) and to fetch news via web_fetch/browser. These actions are within the described purpose but are sensitive. Crucially, the skill (and the script) automatically writes a permanent Markdown log containing the assembled digest to ~/.openclaw/cron/DailyDigest_logs/ without requiring user approval each run; that persistent storage of potentially private emails/calendar items is a privacy/security risk and should be disclosed to, or controllable by, the user.
Install Mechanism
ok: There is no install spec (instruction-only) and the included script is small and local; nothing is downloaded from external URLs. This is low install-risk, but the script will create files under the user's home directory when run.
Credentials
note: No credentials or environment variables are requested, which is reasonable. The script uses HOME/USERPROFILE to write logs (expected). However, the skill expects local binaries (himalaya, gog) while the registry metadata lists none, so its actual dependencies do not match its manifest. Also, the skill uses the `message` tool to notify external channels (Telegram/WhatsApp/Webchat); that transmits summaries off the device and should be considered when granting permission to run automatically.
Persistence & Privilege
concern: The skill does not request elevated 'always' privilege, but it does persistently log digests into a dot-folder in the user's home directory on every run (scripts/digest.js auto-creates ~/.openclaw/cron/DailyDigest_logs/[date].md). That persistent storage of email/calendar content increases exposure if other processes or backups access this folder; the cron guide encourages scheduling automatic runs, which amplifies the privacy/attack surface.