Reminder

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: openclaw-reminder
Version: 1.0.5

The skill's purpose is to create reminders, a benign function. The `SKILL.md` explicitly instructs the AI agent to sanitize user-provided task content with `scripts/sanitize-message.sh` before passing it to the `openclaw cron add --system-event` command. The `sanitize-message.sh` script attempts to prevent shell injection and prompt injection by blacklisting command substitutions, shell metacharacters, newlines, double quotes, and dangerous command prefixes. While this shows awareness of the security risks and an attempt to mitigate them, blacklist-based sanitization is inherently prone to bypasses. If the `--system-event` argument is ultimately executed as a shell command, or processed by another agent in a way that allows prompt injection, a bypass of this blacklist could lead to unauthorized execution or manipulation. This classifies the issue as a vulnerability rather than intentional malice.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note: High Confidence
ASI01: Agent Goal Hijack
What this means

A reminder may cause the agent to act on the scheduled text later, not just display a passive notification.

Why it was flagged

The reminder content supplied by the user is scheduled as a system event in the main session, which is expected for this skill but gives that text influence over the later agent action.

Skill content
`--system-event` - System event payload for main session ... User-specified task content must be sanitized before passing to cron
Recommendation

Use this only for clear, intended reminders and avoid scheduling sensitive, destructive, or ambiguous tasks.

What this means

The skill can create a delayed task that runs later and posts a result to the current Discord destination.

Why it was flagged

The skill uses the OpenClaw cron command to create scheduled agent actions and send results back to Discord. This is purpose-aligned, disclosed, and bounded to one-time jobs.

Skill content
openclaw cron add ... --system-event "Check Beijing weather" ... --announce ... --delete-after-run
Recommendation

Confirm the parsed time and reminder content before relying on it, and keep the one-time delete-after-run behavior.

What this means

Reminders are tied to the current Discord/account context and will be sent back to that destination.

Why it was flagged

The skill uses the current session's account and Discord routing context to deliver reminders. This is expected for Discord reminders and does not show credential exposure.

Skill content
Use `session_status` tool to get current session's deliveryContext ... `--agent` - Get from `deliveryContext.accountId` ... `--to` - Get from `deliveryContext.to`
Recommendation

Install only if you are comfortable with reminders being delivered through the active Discord session context.

Note: High Confidence
ASI10: Rogue Agents
What this means

A reminder task remains scheduled until its trigger time, then should remove itself after completion.

Why it was flagged

The skill creates a persistent scheduled job, but the artifact states it is one-time and deleted after it runs.

Skill content
`--delete-after-run` - Delete task after execution
Recommendation

Use reasonable reminder times and verify scheduled jobs if you need to cancel or audit them.