FamilyWall Integration
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent run with these environment variables can authenticate to FamilyWall through this skill and access account-backed family data.
The skill reads FamilyWall account credentials from the environment and logs in as the user, giving it delegated access to the FamilyWall account.
email = os.environ.get("FAMILYWALL_EMAIL") ... password = os.environ.get("FAMILYWALL_PASSWORD") ... success = client.login(email, password)Store the password carefully, restrict access to ~/.openclaw/.env, use a least-privileged or dedicated account if possible, and ensure the credential requirement is declared in metadata.
Mistaken or overly autonomous use could delete a family event, change shared lists, or send an unintended family message.
The documented commands can mutate FamilyWall account content by deleting events, changing list items, and sending messages.
`events delete EVENT_ID` ... `lists check ITEM_ID` ... `messages send THREAD_ID "Hello family!"`
Require explicit user confirmation before running create, delete, check/uncheck, list-create, or message-send commands.
Private family chats, location information, and feed content may be exposed to the agent session and any logs or transcripts that capture command output.
The skill can retrieve private family messages, member locations, and wall/feed content into the agent's working context and command output.
`messages read THREAD_ID --limit 20` ... `locations` ... `wall --limit 20`
Only invoke these read commands when needed, treat outputs as private, and ensure family members are comfortable with location and message access.