ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Daily Memory Summary

v1.0.0

每日定时任务:从 computer_io 文件夹读取剪贴板和通知数据,写入每日 memory。

0· 95·0 current·0 all-time
by@gift-is-coding

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gift-is-coding/daily-memory-summary.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Daily Memory Summary" (gift-is-coding/daily-memory-summary) from ClawHub.
Skill page: https://clawhub.ai/gift-is-coding/daily-memory-summary
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install daily-memory-summary

ClawHub CLI

Package manager switcher

npx clawhub@latest install daily-memory-summary
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The script's stated purpose (read today's computer_io clipboard/notification files and write a daily memory) is consistent with the SKILL.md, but the script hardcodes absolute paths (/Users/wutianfu/...) rather than using a generic or $HOME-based path. That makes the skill specific to one user account and could either fail for other users or read another user's files if installed on a multi-user system. The SKILL.md and script also claim to 'update contacts', but the script only extracts matches to /tmp/contacts_$$.txt and immediately deletes it — it does not actually write into the CONTACTS_DIR.
Instruction Scope
Runtime instructions are limited to reading local files under a 'memory' workspace and writing a daily markdown file. This is within the described scope. However, the skill will read potentially sensitive local data (clipboard contents and notifications) from the user's workspace, so privacy risk exists even though there is no external network activity.
Install Mechanism
There is no install spec (instruction-only plus a local script). No network downloads or package installs appear in the bundle, so nothing external will be pulled during install.
!
Credentials
The skill declares no required env vars, but it uses hardcoded absolute paths into /Users/wutianfu/.openclaw/workspace/, which is disproportionate and user-specific. It also references a CONTACTS_DIR variable but never updates that directory; the script reads user data without declaring access expectations. While no credentials are requested, the script accesses local personal data (clipboard and notifications), which is sensitive.
Persistence & Privilege
always is false and model invocation is allowed (defaults). SKILL.md states a cron job is 'already configured' in ~/.openclaw/cron/jobs.json to run daily at 23:00, but there is no install step that creates that cron entry. This is an inconsistency: the skill claims scheduled persistence but provides no mechanism to create or verify it.
What to consider before installing
What to check before installing or running this skill: - Path behavior: The script hardcodes /Users/wutianfu/.openclaw/... which will not work correctly for other users and could read another user's files on a shared system. Change the script to use $HOME or a relative workspace path before use. - Privacy: The skill reads local clipboard and notification files (sensitive personal data). Only run it if you trust the environment and you are comfortable with those files being processed into a daily summary. - Contacts claim: The script claims to 'update contacts' but it only extracts matches to a temporary file and deletes it. If you expect contact database changes, inspect and modify the script to explicitly and safely write to your contacts store. - Cron/scheduling: SKILL.md says a cron job is configured but there's no install step that configures it. Verify ~/.openclaw/cron/jobs.json yourself if you want automatic scheduling, or set up your own scheduler. - Test safely: Run the script in a sandbox or on a copied subset of your workspace first to confirm behavior. Review and sanitize the grep/regex patterns to avoid accidental capture of unrelated sensitive strings (e.g., emails, tokens). - Least privilege: Run the script with the minimal user account that owns the memory workspace. If you don't want the skill to run autonomously, avoid enabling automatic scheduling or restrict agent invocation. If you want, I can suggest a corrected version of the script that uses $HOME, properly updates contacts when requested, and documents expected input/output paths.

Like a lobster shell, security has layers — review code before you run it.

latestvk978hbt9x1ggzw0p6vtcqb3nyn854wzz
95downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@gift-is-coding
latest
Download

Daily Memory Summary

文件结构

memory/YYYY-MM-DD/
├── computer_io/
│   ├── clipboard/
│   │   └── timestamp.md    # 剪贴板数据
│   └── notification/
│       └── timestamp.md    # 通知数据
└── YYYY-MM-DD.md          # 每日 memory 主文件

使用方式

~/.openclaw/workspace/skills/daily-memory-summary/scripts/summarize.sh

工作流程

  1. memory/YYYY-MM-DD/computer_io/clipboard/ 读取最新剪贴板文件
  2. memory/YYYY-MM-DD/computer_io/notification/ 读取最新通知文件
  3. 合并内容,写入 memory/YYYY-MM-DD.md

定时任务

已在 ~/.openclaw/cron/jobs.json 中配置:

  • 任务名:Daily Memory Summary
  • 时间:每天 23:00(Asia/Shanghai)

Comments

Loading comments...