GOG Stale Games Cleaner

Pass. Audited by ClawScan on May 11, 2026.

Overview

The skill’s behavior matches its description, but it will use your configured email account, send local game/install-path details, and create persistent Reminders when run normally.

Run the dry-run command first, confirm the GOG library file and email account are correct, and be aware that full runs send an email and create Apple Reminders. If you enable the suggested cron schedule, review it periodically to avoid repeated or duplicate reminders.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A normal run can send mail using your configured email account.

Why it was flagged

The script uses a locally configured Himalaya email account to send the report. This is expected for the stated email-reporting purpose, but it relies on the user’s existing email account/profile.

Skill content

EMAIL_ACCOUNT="${EMAIL_ACCOUNT:-personal}" ... himalaya template send --account "$EMAIL_ACCOUNT" < "$TMPFILE"

Recommendation

Verify the Himalaya account and recipient before running, and use --dry-run first if you want to preview without sending email.

What this means

Your game list and local install paths may appear in an email report.

Why it was flagged

The emailed HTML report includes game names and install paths, so local library/path information is transmitted through the configured email provider.

Skill content

HTML_BODY="...<th ...>Install Path</th>...${HTML_ROWS}..." ... himalaya template send --account "$EMAIL_ACCOUNT"

Recommendation

Only run the full mode if you are comfortable emailing that information; otherwise use --dry-run or remove install paths from the report.

What this means

A full run can add multiple reminders to the configured Reminders list.

Why it was flagged

The script creates one Apple Reminder per stale game. This is the documented purpose, but it mutates the user’s Reminders data.

Skill content

remindctl add --title "Consider uninstalling: $name" --list "$REMINDERS_LIST" --note "Last played: $LP_DISPLAY"

Recommendation

Use --dry-run first and check the target Reminders list, especially before running the skill repeatedly.

What this means

If scheduled, the skill may keep sending reports and adding reminders monthly.

Why it was flagged

The documentation suggests optional recurring execution through cron. This is disclosed and purpose-aligned, but it creates ongoing automated behavior if the user enables it.

Skill content

After a successful run, schedule it monthly: ... Use the cron tool with an `agentTurn` payload that invokes this skill.

Recommendation

Only enable cron scheduling intentionally, and consider duplicate-reminder handling before recurring use.

What this means

The skill may fail or behave unexpectedly on systems without jq installed.

Why it was flagged

The script depends on jq at runtime, but the provided requirements list only himalaya and remindctl. This is a dependency declaration gap rather than evidence of malicious behavior.

Skill content

STALE_JSON=$(jq --arg cutoff "$CUTOFF_EPOCH" ...); COUNT=$(echo "$STALE_JSON" | jq 'length')

Recommendation

Install jq before use, or update the skill metadata/prerequisites to declare it explicitly.