GOG Dormant Game Sweep
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may fail or behave differently if himalaya or remindctl is missing or configured differently than expected.
The skill depends on external CLIs and a configured mail setup, while the registry requirements list no required binaries or credentials. This can weaken install-time checks, although the dependency is disclosed in the documentation.
Requires: GOG library JSON, himalaya CLI for email, remindctl CLI for Apple Reminders.
Install and configure himalaya and remindctl yourself, and verify the intended account and Reminders list before running.
Running the skill without dry-run can send an email and create reminder entries on your device.
The script invokes external tools to send an email and add reminders. This is central to the stated workflow and uses argument lists rather than shell execution, but it still performs side effects.
cmd = ["himalaya", "message", "write", "--account", account, ...] cmd = ["remindctl", "add", "--title", title, "--list", reminders_list]
Run with --dry-run first, and use --no-email or --no-reminders if you only want part of the workflow.
The report will be sent from the selected local email account, which may be a personal account by default.
The skill uses a configured Himalaya email account to send the report. That account authority is expected for the purpose, and no tokens are embedded in the code, but users should confirm which account is used.
DEFAULT_HIMALAYA_ACCOUNT = "personal"
parser.add_argument("--himalaya-account", default=DEFAULT_HIMALAYA_ACCOUNT, help="Himalaya account name")Check your Himalaya account configuration and pass --himalaya-account explicitly if you do not want to use the default account.
Your game list, last-played information, and install paths may be sent to the chosen email recipient.
The emailed report can include local install paths and game activity data. Sending that data by email is disclosed and purpose-aligned, but it moves potentially private local information outside the script.
lines.append(f" Install path: {g.get('install_path', 'N/A')}")
if not args.no_email and args.email:
send_email(args.himalaya_account, args.email, subject, body)Only send the report to an address you trust, or use --no-email / --dry-run if you want to keep the information local.