Scan Report
5 /100
reminder
Natural-language reminder secretary: capture events into git-synced workspace, schedule Telegram reminders via OpenClaw cron, and answer 'what's coming up' queries.
Purely declarative skill (documentation + template only) with no executable code, scripts, or binary artifacts — all behavior is clearly documented in SKILL.md.
Safe to install
Approve for use. No code execution or sensitive operations are present.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | SKILL.md: Reads/writes ~/.openclaw/workspace/reminders/events.yml |
| Shell | NONE | NONE | — | No shell execution found in any file |
| Network | NONE | NONE | — | No network requests, URLs, or IPs in any file |
| Environment | NONE | NONE | — | Only documented env vars REMINDER_TZ and REMINDER_OFFSETS_MINUTES; no credential… |
| Skill Invoke | NONE | NONE | — | Skill self-invocation implied by cron scheduling (OpenClaw platform) |
File Tree
3 files · 3.0 KB · 82 lines Markdown 1f · 72L
JSON 1f · 5L
YAML 1f · 5L
├─
▾
assets
│ └─
events.template.yml
YAML
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No executable scripts or code files present
✓ All declared behavior is accurately described in SKILL.md
✓ No obfuscation, base64, or encoded payloads
✓ No credential harvesting or sensitive data access
✓ No remote script execution or curl|bash patterns
✓ No data exfiltration or C2 communication
✓ Only reads/writes a well-defined workspace YAML file (documented)
✓ Config env vars are benign (timezone, offsets only)
✓ No hidden instructions or prompt injection vectors
✓ Template file is an empty, safe YAML structure