ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

screen-life

v1.0.0

macOS 数字生活日报:自动监控你每天在电脑上做什么,生成可读的行为报告。零配置,一键安装,后台静默运行。当用户想看今天用电脑做了什么、分析效率、查看应用使用时长时触发。

0· 57·0 current·0 all-time
byvine.xio@vineindalvik

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for vineindalvik/screen-life.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "screen-life" (vineindalvik/screen-life) from ClawHub.
Skill page: https://clawhub.ai/vineindalvik/screen-life
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install screen-life

ClawHub CLI

Package manager switcher

npx clawhub@latest install screen-life
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README/description says the skill will read app usage, browser history, Obsidian git, Whisper, etc., and run silently in the background. The packaged files only include handler.py and install.sh; there is no daemon.py or explicit Chrome/Safari/history-reading implementation included. install.sh attempts to copy a daemon.py (and handler.py -> report_generator) but daemon.py is missing from the package, so the declared background-monitoring capability is not actually present in the bundle as provided.
!
Instruction Scope
handler.py reads local logs (~/.orbitos-monitor/*), may load a local .env, and will POST report content to an LLM endpoint if OpenClaw-injected LLM envs exist. The SKILL.md claims '不上传任何内容' (no uploading) which contradicts run_llm_analysis (sends report text to base_url) and push_feishu (posts to FEISHU_WEBHOOK_URL). Feishu webhook env is used but not declared in requires.env. The instructions therefore permit transmitting local activity to external endpoints and also allow reading environment variables or .env files beyond what was documented.
!
Install Mechanism
There is no formal package install spec, but install.sh will create ~/.orbitos-monitor, write a LaunchAgents plist into ~/Library/LaunchAgents, and attempt to copy scripts into that directory and launch a persistent daemon via launchctl. However, the referenced daemon.py is not included in the package, so the install script is incomplete and may fail or leave a plist pointing to a missing binary. The script writes persistent system files (plist, logs) which is expected for a monitor but is higher-impact than a purely CLI skill.
!
Credentials
SKILL.md declares reliance on OpenClaw-injected LLM envs (OPENCLAW_LLM_API_KEY, OPENCLAW_LLM_BASE_URL, OPENCLAW_LLM_MODEL) which handler.py uses to send report content to a remote LLM — this is proportionate only if the user understands reports will be transmitted externally. However, the skill also reads a local .env and uses FEISHU_WEBHOOK_URL if present (not declared), meaning it may access and transmit sensitive tokens not listed in requires.env. The privacy statement claiming 'no upload' is contradicted by the code that posts data externally.
Persistence & Privilege
The installer creates a user LaunchAgent plist that RunAtLoad and KeepAlive, so the monitor will persist across logins and run continuously. The skill is not marked always:true in metadata (so it won't be auto-enabled in every agent run), but the install script gives it persistent system presence in the user's account — appropriate for a monitor, but a higher-privilege action that should be explicitly consented to. Combined with the ability to send data externally, this increases sensitivity.
What to consider before installing
Before installing: 1) Do not install or run the install.sh until you inspect the missing files — the package references daemon.py (activity daemon) which is not included; installation may fail or leave a LaunchAgent pointing at a missing script. 2) The privacy claim in SKILL.md is inaccurate: the handler will send report text to an external LLM endpoint (OPENCLAW_LLM_BASE_URL) if OpenClaw injects those env vars, and can post to a FEISHU webhook if FEISHU_WEBHOOK_URL is set. If you want strictly local-only operation, run handler.py with --no-llm and avoid setting any webhook env; still inspect the code for any network calls. 3) The installer writes a LaunchAgents plist and persists a daemon and logs under ~/.orbitos-monitor — review and backup before installing. 4) Check for expected missing components (daemon.py, any browser-history readers) and ask the maintainer for the complete source; the current bundle is incomplete and could be a packaging error or an attempt to mislead. 5) If you lack confidence in the package, prefer running the analysis on a disposable/macOS test account or sandbox, or request the full source and a human code review focusing on the daemon and any code that reads browser history or uploads data.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
latestvk97f9yndnrtc7c0js5tcqewvr584q97y
57downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
vine.xio@vineindalvik
latest
Download

screen-life

自动生成你的数字生活日报。后台静默运行,每天一份报告。

快速开始

cd /path/to/screen-life

# 一键安装(启动后台监控守护进程)
bash install.sh

# 查看今日报告(含 AI 洞察,需配置 LLM)
python3 handler.py

# 不含 AI 分析
python3 handler.py --no-llm

LLM 配置

OpenClaw 运行时自动注入以下环境变量(无需手动配置):

变量说明
OPENCLAW_LLM_API_KEYOpenClaw 当前 LLM 的 API Key
OPENCLAW_LLM_BASE_URLAPI 地址(标准 Chat Completions 格式)
OPENCLAW_LLM_MODELOpenClaw 当前选用的模型标识

三个变量均未注入时,跳过 AI 分析,仅输出原始日报。

命令

# 今日报告(含 AI 洞察)
python3 handler.py

# 今日报告(不含 AI)
python3 handler.py --no-llm

# 指定日期
python3 handler.py --date 2026-04-10

# 本周汇总
python3 handler.py --week

# JSON 输出
python3 handler.py --format json

# 推送到飞书
python3 handler.py --push feishu

# 管理守护进程
bash install.sh status    # 查看状态
bash install.sh stop      # 停止监控
bash install.sh restart   # 重启
bash install.sh uninstall # 卸载

输出示例

🖥️ 2026-04-11 数字生活日报

⏱️ 应用使用 TOP 5
  VS Code       4h 23m  ████████████  35%
  Chrome        3h 12m  █████████     26%
  AI 助手        2h 45m  ████████      22%
  微信          0h 48m  ██             6%
  Terminal      0h 32m  █              4%

🔍 浏览器热词(今日搜索 / 访问)
  AI编程 ×12  |  stock-analyzer ×8  |  飞书API ×5

📝 Obsidian 笔记变更
  新增 3 篇  |  修改 12 篇
  最活跃目录: 20_Project/OpenClaw/

💬 AI 工具使用摘要
  对话工具: 23 轮  |  主题: Skill开发、量化交易

📊 专注度评分: 82/100  🟢
  建议: 下午 3-4 点切换频率较高,可尝试设置专注时段

数据来源

来源数据权限要求
macOS NSWorkspace应用名称、使用时长
Chrome 历史搜索词、访问网站无(自动)
Safari 历史同上完全磁盘访问(可选)
Obsidian git笔记新增/修改
Cursor 对话AI 使用摘要

文件位置

~/.orbitos-monitor/
├── logs/            # 每日 JSONL 原始日志
│   └── 2026-04-11.jsonl
├── daemon.pid       # 守护进程 PID
└── daemon.log       # 运行日志

隐私说明: 所有数据仅存储在本地 ~/.orbitos-monitor/,不上传任何内容。

Comments

Loading comments...