GOG Sales Analytics
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: gog-sales-analytics Version: 1.2.2 The skill documentation in SKILL.md explicitly promotes the use of a persistence mechanism via cron jobs (scripts/weekly_run.sh) for automated execution. While this is framed as a feature for 'Sales Analytics,' the script logic itself is not provided in the bundle for inspection, and the skill requires GOG account credentials, creating a risk of unauthorized background activity or credential misuse.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could try to run a helper script whose contents were not supplied for inspection.
The provided artifact set contains only SKILL.md and _meta.json, so this referenced executable helper is absent from review. Running it would depend on unreviewed external or local code.
The `gog-sales-analytics` project includes `scripts/weekly_run.sh` for cron-based Monday auto-run:
Do not run the weekly_run.sh commands unless the script is included from a trusted source and reviewed; the package should include or remove the referenced helper.
If installed, the skill-related workflow could run weekly without a fresh prompt and potentially use account data or make changes depending on the missing script.
This command is explicitly for installing recurring cron execution, which can continue operating after the immediate user task; the reviewed artifacts do not bound the job's behavior.
./scripts/weekly_run.sh --install # add Monday 08:00 cron
Only install scheduled execution after explicit user approval, after reviewing the script, and verify that the uninstall command removes the cron entry.
Using library-management features may require giving the agent access to a GOG account.
GOG credentials are purpose-aligned for managing a GOG library, but the registry metadata declares no primary credential or required environment variable, and the auth method/scope is not described.
- Requires GOG account credentials for library management
Use only official, least-privilege authentication methods where possible and avoid providing credentials until the workflow and storage/handling are clear.