GOG Cleanup
PassAudited by ClawScan on May 11, 2026.
Overview
The skill appears to do what it says, but it uses your email and Apple Reminders accounts and includes local game install paths in the emailed report.
Before installing, make sure you are comfortable letting this skill read your GOG library config, use your Himalaya personal email account, and create Apple Reminders. Verify the email recipient and reminders list, use SKIP_EMAIL=1 or SKIP_REMINDERS=1 if needed, and treat the owner metadata mismatch as a reason to review the source before scheduling recurring runs.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can add items to your Apple Reminders account.
The script uses a local CLI to create a Reminders list and add reminders. This mutates user data, but it matches the documented purpose and is limited to reminder creation.
remindctl list "$REMINDERS_LIST" --create ... remindctl add --title "$reminder_title" --list "$REMINDERS_LIST"
Use SKIP_REMINDERS=1 if you only want the email report, and verify the target reminders list before scheduling repeated runs.
The skill can send mail from your configured Himalaya account and create reminders in your Apple Reminders data.
The skill relies on existing local account authority for email and Apple Reminders. This is disclosed and purpose-aligned, but it is still delegated account access.
Himalaya must be configured with a `personal` account ... Adds each stale game to the **Gaming** list in Apple Reminders via `remindctl`
Confirm that the Himalaya `personal` account and Reminders access are the accounts you intend to use.
It may be harder to verify who published or maintains the skill.
The package _meta.json ownerId differs from the supplied registry Owner ID `kn72jmd20ws94jr0p8b3p24wyn82abgj`, and the listing has no source or homepage. This is a provenance gap, though the included code is visible and no hidden installer is present.
"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "gog-cleanup"
Install only if you trust the registry entry and reviewed source, and consider asking the publisher to fix the owner metadata.
Your game list and installation paths may be stored in your mailbox or processed by your email provider.
The emailed digest includes local install paths and is sent through the configured Himalaya email provider. This is disclosed by the skill, but it moves local system details into email.
email_body+="<tr ...>...${install_path}</td></tr>" ... himalaya --account personal template send < "$tmp_mml"Check EMAIL_TO before running, use SKIP_EMAIL=1 if you do not want an email sent, and avoid sending reports to recipients you do not control.
If you schedule it, the skill can repeatedly send emails and add reminders over time.
The documentation describes optional recurring execution. It is not installed automatically, but scheduling would make the skill run persistently.
To run weekly via cron: ... 0 9 * * 1 /path/to/scripts/gog-cleanup.sh ... Or use OpenClaw's cron tool for agent-managed scheduling.
Only add a cron or OpenClaw schedule if you want recurring cleanup reports, and periodically review any scheduled job.