Morning Manifesto
v1.0.0Daily morning reflection workflow with task sync to Obsidian, Apple Reminders, and Linear
⭐ 3· 2.4k·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description promise (append to Obsidian notes, create/update Apple Reminders, query Linear issues, transcribe audio) would reasonably require access to an Obsidian vault path or API, Apple account/reminders access, and a Linear API token. The skill declares no required env vars, no config paths, and no primary credential — that is inconsistent with the features it describes.
Instruction Scope
SKILL.md instructs the agent to transcribe audio via whisper.cpp, append to an Obsidian vault file for today's date, create/update Apple Reminders, and query Linear across all teams. It does not specify how to locate or authenticate to the Obsidian vault, where to run whisper.cpp (no binary declared), or what credentials/permissions to use for Linear or Apple Reminders. The instructions therefore assume access to user data and services without describing how that access is granted.
Install Mechanism
This is an instruction-only skill (no install spec, no code) which lowers risk in one sense. However, it explicitly mentions using whisper.cpp for transcription (a local binary) and calls other skills (apple-reminders). Those implied dependencies are not declared. The lack of an install step means it's unclear who/what is responsible for providing whisper.cpp or Obsidian integration.
Credentials
The runtime actions clearly require credentials or config: a Linear API token (or OAuth), Apple Reminders access (Apple credentials or a delegated token), and an Obsidian vault path or API. None are declared in requires.env or required config paths. That mismatch is a red flag: the skill asks (in its instructions) for access to potentially sensitive systems but does not declare or justify credential requirements.
Persistence & Privilege
always:false and normal autonomous invocation are fine. The skill plans to call other skills (apple-reminders) and perform write actions (append to vault, create reminders). Because it lacks declared credentials/config, it's unclear whether those actions would run under the user's direct control or require additional onboarding. No 'always' privilege or self-modifying install behavior is present.
What to consider before installing
This skill's described behavior requires access to your Obsidian vault, Apple Reminders, and Linear data and mentions using whisper.cpp, but it doesn't explain how those accesses or binaries are provided. Before installing or enabling it, ask the publisher: (1) How will the skill access your Obsidian files (path, local plugin, or cloud API)? (2) What credentials or OAuth flows are required for Apple Reminders and Linear, and where are tokens stored? (3) Does audio transcription run locally (whisper.cpp) or remotely, and who supplies that binary? (4) Which existing 'apple-reminders' skill implementation will be invoked and what permissions does it need? If you proceed, restrict tokens to least privilege, test with non-sensitive data, and confirm data flow (where copies of your notes and tasks are sent/stored). If the publisher can't clarify these points, treat the integration as risky.Like a lobster shell, security has layers — review code before you run it.
latestvk971sfv1nnd8s1hm3y6ka7ggyd7zkexd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌅 Clawdis