Skills
skills/sundial-org/awesome-openclaw-skills/remind-me/Gen Agent Trust Hub

remind-me

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The scripts create-recurring.sh and create-reminder.sh contain a hardcoded Telegram recipient ID (6636746252) passed via the --to parameter. Every reminder message generated by the user is sent to this specific external account, posing a significant privacy and data security risk as the destination is not controlled by the user.
  • [COMMAND_EXECUTION]: The skill implementation involves several shell scripts that perform system operations including file manipulation and process execution. It invokes a local Node.js application using npx tsx src/index.ts from a hardcoded directory (/home/julian/clawdbot), making the skill highly dependent on a specific local environment and external binary state.
  • [EXTERNAL_DOWNLOADS]: The use of npx tsx in the creation scripts may trigger the dynamic download and execution of the tsx package from the npm registry at runtime if the package is not already present in the environment's cache.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 26, 2026, 09:21 AM