WhatPulse AI Agent Skill
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: whatpulse-ai-agent-skill Version: 1.0.0 The skill is designed to be benign, providing read-only access to a local SQLite database. The `SKILL.md` contains extensive and explicit 'CRITICAL SAFETY RULES' that instruct the AI agent to use `sqlite3 -readonly`, forbid all write operations (INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, ATTACH, VACUUM, PRAGMA), and mandate a secure heredoc pattern for SQL execution to prevent shell injection. While the skill involves executing shell commands (`sqlite3`) and processing user input (`$ARGUMENTS`), the instructions are meticulously crafted to prevent malicious actions, data exfiltration, or persistence mechanisms. The instructions are defensive and aim to mitigate common vulnerabilities, not introduce them.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can run local database queries to answer usage questions, but the provided instructions aim to prevent modifying the WhatPulse database.
The skill explicitly authorizes command-line SQLite queries against a local database, while also imposing read-only constraints and forbidding write operations.
ALL queries MUST use `sqlite3 -readonly` ... NEVER run INSERT, UPDATE, DELETE, DROP, ALTER, CREATE
Use the skill only for intended WhatPulse questions and verify that queries continue to use sqlite3 -readonly against the expected database path.
Answers may expose private details such as websites visited, applications used, keyboard/mouse activity, and network patterns in the chat transcript.
The skill retrieves detailed local activity history as context for answers; this is aligned with its purpose, but the records can reveal sensitive behavioral patterns.
Keystrokes, mouse activity, application screen time, network bandwidth, website tracking, uptime, and profiles.
Use this skill only in trusted agent sessions and avoid asking broad questions if you do not want detailed activity history surfaced.
If followed, sensitive computer-usage history may be copied to cloud storage or a remote host where other systems or administrators could access it.
The optional remote-access guidance can move the WhatPulse database outside the local machine, making data exposure dependent on the user's cloud or remote-server configuration.
For AI agents running on a remote server, sync the database periodically ... Sync via cloud storage (Dropbox, OneDrive, etc.) or `rsync`.
Only enable remote sync if necessary, protect the synced database with strong access controls or encryption, and avoid syncing it to shared or untrusted locations.