Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Surprise

v1.1.0

Proactively engages users with personalized casual messages at random intervals, learning preferences to deliver warm, varied conversations and check-ins.

by TuringCorp.net (@turingcorp-net)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description match what the SKILL.md instructs: composing personalized messages, sending them via openclaw message send, and scheduling cron jobs. Required artifacts (config.json, topics.md, next_run.json) are consistent with a proactive messaging companion. No unrelated environment variables or binaries are requested.
! Instruction Scope
The runtime instructions direct the agent to read and write files under ~/.openclaw/workspace/skills/smart-surprise/, silently update topics.md on every run, and create an indefinite chain of cron jobs that autonomously trigger the agent. Silent updates to user preference files and the permanent, self-perpetuating cron chain are within the skill's purpose, but they are a significant expansion of scope that may surprise non-technical users, and they could be used to persistently send messages or change local state without explicit per-run consent.
Install Mechanism
No install spec or remote downloads; this is an instruction-only skill with only local text files. That minimizes installer risk (no arbitrary code fetched at install time).
Credentials
The skill declares no required env vars or primary credential (good). It does, however, optionally read Google Calendar OAuth credentials from ~/.openclaw/secrets/google-calendar.json if the calendar topic is enabled — that is expected for calendar integration but involves sensitive tokens. The skill also assumes the OpenClaw messaging channels (Telegram/Discord/etc.) are already configured at the platform level so the agent can call openclaw message send; those platform credentials are not requested here but will be used by the cron-run agent.
! Persistence & Privilege
Although always:false, the skill explicitly instructs creating a self-perpetuating sequence of cron jobs that run indefinitely and can autonomously send messages and modify topics.md. This grants ongoing autonomous presence and action on the host. Combined with silent updates and optional access to calendar credentials, this persistent capability is a notable privilege and user-risk vector.
What to consider before installing
1) This skill will create repeating, self-managed cron jobs that run the agent autonomously and send messages to the configured channel. Verify you want the assistant to reach out without per-message consent.
2) It will read/write files in ~/.openclaw/workspace/skills/smart-surprise/ (config.json, topics.md, next_run.json) and will silently update topics.md after each run; if you prefer manual control, do not enable.
3) If you enable the calendar topic, the skill may read Google OAuth tokens from ~/.openclaw/secrets/google-calendar.json. Only provide those tokens if you trust the skill.
4) Before activating, set conservative min/max intervals and quiet hours in config.json and test with an isolated channel or test account.
5) To stop the skill, remove its cron jobs (openclaw cron list / rm) and delete ~/.openclaw/workspace/skills/smart-surprise.
6) If you are unsure, inspect or back up topics.md and config.json and monitor cron jobs/logs for unexpected behavior.

If you want lower risk, avoid granting calendar credentials and keep longer intervals or run manually rather than using the self-perpetuating cron chain.

Like a lobster shell, security has layers — review code before you run it.
