ClawHub
Back to skill
v1.0.0

**智能随机**:从8个维度、28个话题中均匀随机选择 - ⏰ **定时触发**:可配置的心跳机制,实现定时随机提问 - 🎨 **多维覆盖**:情绪、身体、思维、行动、关系、环境、反思、未来 - 🔧 **高度可定制**:支持话题库扩展、触发概率调整、个性化设置 - 📊 **使用统计**:详细的统计报告和图表分析 - 🔄 **上下文感知**:结合对话历史和个人档案

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:17 AM.

Analysis

The skill’s random-question purpose is clear, but it is designed to run automatically and retain or reuse personal reflection history without clear storage, backup, or deletion boundaries.

GuidanceInstall this only if you are comfortable with a scheduled self-reflection assistant that may use and retain personal conversation history. Before enabling heartbeat or memory features, review the configuration for active hours, trigger probability, personal-context use, answer retention, backups, and deletion options.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
SeverityLowConfidenceHighStatusNote
example-openclaw.json
"heartbeat": {
    "enabled": true,
    "interval_minutes": 30,
...
"auto_load": true
...
"auto_announce": true

The example configuration enables periodic heartbeat execution, automatic loading, and automatic announcements. This is disclosed and purpose-aligned, but it is still autonomous recurring behavior.

User impactThe agent may ask reflective questions on a schedule during active hours rather than only when you manually invoke it.
RecommendationReview and adjust heartbeat settings, active hours, trigger probability, and auto_announce before enabling the skill.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
README.md
chmod +x install.sh
./install.sh
...
python3 scripts/question_stats.py --report
...
from scripts.random_selector import RandomQuestionGenerator

The README instructs users to run install and helper scripts, but the provided manifest contains only SKILL.md, README.md, HEARTBEAT.md, and example-openclaw.json. This creates a provenance gap for any missing helper code a user might obtain elsewhere.

User impactFollowing the README as written may fail, or may lead you to run additional code that was not included in the reviewed artifact set.
RecommendationOnly run helper scripts that are included in the package from a trusted source, and ask the publisher to either include the referenced files or remove those setup instructions.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceMediumStatusConcern
SKILL.md
use_personal_context: true
  remember_previous_answers: true
...
4. 结合用户历史记录个性化问题
6. 记录本次提问和时间戳

The skill instructs the agent to use personal context and history, remember prior answers, and record timestamps. Because the prompt topics include emotional, physical, and relationship reflections, this persistent reuse is sensitive and the artifact does not specify clear storage, access, or deletion boundaries.

User impactYour personal reflections and conversation history could be reused or retained beyond the immediate question, which may affect privacy if the data is backed up or later surfaced in other contexts.
RecommendationDisable personal context and previous-answer memory unless you want them, and require the skill to document storage location, retention, backup behavior, deletion controls, and whether remembered answers are reused across tasks.