skills/openclaw/skills/daily-rhythm/Gen Agent Trust Hub

daily-rhythm

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill instructions and code expect sensitive Stripe secret keys (sk_live_) to be stored in plaintext within a .env.stripe file.
  • [DATA_EXFILTRATION] (HIGH): The skill accesses sensitive system paths for OAuth credentials (~/.openclaw/google-tasks/credentials.json) and stores processed financial and personal data in local JSON files. Under Category 2, any access to sensitive file paths is classified as a HIGH severity exposure finding.
  • [COMMAND_EXECUTION] (MEDIUM): In scripts/sync-google-tasks.py, the code manually modifies the Python search path using an absolute reference to a specific user directory (/Users/tom/...), which is a high-risk pattern that can lead to library hijacking or unexpected code execution in shared environments.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
      1. Ingestion points: Google Task notes (sync-google-tasks.py), Calendar ICS feeds (CONFIGURATION.md), and weather reports.
      2. Boundary markers: None present.
      3. Capability inventory: Generates actionable advice and daily priorities via LLM processing.
      4. Sanitization: None implemented.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 09:36 PM