WhatPulse AI Agent Skill
ReviewAudited by ClawScan on May 1, 2026.
Overview
The artifacts describe a coherent read-only WhatPulse database query skill, but it can expose sensitive computer-usage history to the agent and optionally to remote sync storage.
Before installing, be comfortable with your agent reading and summarizing your local WhatPulse history, including app use, website activity, input counts, and network statistics. Keep the database path scoped, preserve the read-only query pattern, and only use the optional remote-sync setup if the destination is private and well protected.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can run local database queries to answer usage questions, but the provided instructions aim to prevent modifying the WhatPulse database.
The skill explicitly authorizes command-line SQLite queries against a local database, while also imposing read-only constraints and forbidding write operations.
ALL queries MUST use `sqlite3 -readonly` ... NEVER run INSERT, UPDATE, DELETE, DROP, ALTER, CREATE
Use the skill only for intended WhatPulse questions and verify that queries continue to use sqlite3 -readonly against the expected database path.
Answers may expose private details such as websites visited, applications used, keyboard/mouse activity, and network patterns in the chat transcript.
The skill retrieves detailed local activity history as context for answers; this is aligned with its purpose, but the records can reveal sensitive behavioral patterns.
Keystrokes, mouse activity, application screen time, network bandwidth, website tracking, uptime, and profiles.
Use this skill only in trusted agent sessions and avoid asking broad questions if you do not want detailed activity history surfaced.
If followed, sensitive computer-usage history may be copied to cloud storage or a remote host where other systems or administrators could access it.
The optional remote-access guidance can move the WhatPulse database outside the local machine, making data exposure dependent on the user's cloud or remote-server configuration.
For AI agents running on a remote server, sync the database periodically ... Sync via cloud storage (Dropbox, OneDrive, etc.) or `rsync`.
Only enable remote sync if necessary, protect the synced database with strong access controls or encryption, and avoid syncing it to shared or untrusted locations.