Daily Recorder Assistant
v1.1.3每日状态记录与复盘助手。触发词:早反馈/morning query(晨间问询), 晚复盘/evening review(晚间总结)。支持能量评分、明日规划、当日分析和周期总结。自动识别频道(feishu/telegram/signal/discord),按 User ID 隔离状态数据。
⭐ 1· 141·1 current·1 all-time
by@tkctly
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (daily morning/evening queries, energy scores, planning, per-UserID isolation) match the files and runtime instructions: scripts read/write note files, maintain state.json, pick templates, and generate queries. The declared dependency on the OpenClaw CLI and a writable ~/.openclaw workspace is coherent with the code which expects OpenClaw metadata and cron integration.
Instruction Scope
Instructions and scripts operate on files under ~/.openclaw/workspace/notes and state.json (creating, reading, appending). That is expected, but the code includes an explicit --force option in init_cycle to bypass authorization checks and the daily_query -> record_feedback path can write to notes when it detects triggers; if an agent or user runs these with permissive arguments the skill will modify local note/state files. No code in provided files appears to access unrelated system files or network endpoints, but some parts (setup_cron integration) reference the OpenClaw CLI and cron—review setup_cron.py (omitted here) before enabling automatic scheduling.
Install Mechanism
This is instruction + script based with no install spec. No remote downloads or package installs are declared; lowest install risk. The SKILL.md asks you to have the openclaw CLI installed but the skill does not itself fetch code from external URLs.
Credentials
The skill requests no environment variables or external credentials. It requires write access to ~/.openclaw/workspace/ and expects the OpenClaw CLI to be available; both are proportionate to a local recording/cron-enabled skill. No secret/token variables are requested in the manifest or scripts.
Persistence & Privilege
always:false (no forced global inclusion). The skill writes persistent state (state.json) and note files under the user's OpenClaw workspace, which is appropriate for its purpose. Consider that the init script has a force bypass and the agent-default ability to invoke skills autonomously could allow automated writes to the user's notes if the agent is allowed to run these scripts—review invocation contexts and cron setup before granting broad autonomous execution.
Assessment
What to check before installing:
- Backup your ~/.openclaw/workspace directory (state.json and notes) before first run.
- Confirm you want a skill that will create and append to notes in ~/.openclaw/workspace/notes/daily-recorder/ and maintain ~/.openclaw/workspace/skills/daily-recorder-assistant/state.json.
- Ensure the OpenClaw CLI is installed and you understand how the gateway provides channel metadata; the skill relies on that to map user IDs and channels.
- Inspect setup_cron.py (omitted here) and decide whether you want scheduled automatic cron jobs enabled; disable cron if you prefer manual triggers.
- Be cautious about using init_cycle with --force or allowing an autonomous agent to call init_cycle/record_feedback with permissive args: those can bypass explicit authorization prompts and write records. If you want tighter control, require manual invocation only or remove/disable the --force code paths.
- If you handle sensitive personal data in these notes, consider storing the workspace on encrypted disk or restricting file permissions, since the skill stores plain-text notes locally.
- If you want higher assurance, review the omitted files (setup_cron.py and any remaining scripts) for network calls or external endpoint usage before enabling autonomous invocation.Like a lobster shell, security has layers — review code before you run it.
latestvk974xftc3k4zcy0qmd0xxmbb6d84ry3x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.