Add causal reasoning to agent actions. Trigger on ANY high-level action with observable outcomes - emails, messages, calendar changes, file operations, API calls, notifications, reminders, purchases, deployments. Use for planning interventions, debugging failures, predicting outcomes, backfilling historical data for analysis, or answering "what happens if I do X?" Also trigger when reviewing past actions to understand what worked/failed and why.
Security Analysis
medium confidenceThe skill appears to implement the causal-logging and estimation behavior it describes (backfilling history, logging actions, estimating effects) and does not contain obvious exfiltration or unrelated credential requests, but it will read and store sensitive personal data and has a small metadata mismatch you should review before enabling.
The name/description (causal reasoning for actions) match the included scripts: logging actions, backfilling emails/calendar/messages, and estimating treatment effects. However the registry lists no required binaries while the SKILL.md and scripts assume local CLIs (gog, wacli) are available; that's a mismatch the publisher should document. The code only targets data sources relevant to the stated purpose (email/calendar/messages).
Instructions explicitly tell the agent to backfill and log wide-ranging personal data (emails, messages, calendar events) and to trigger on 'ANY high-level action'. This is coherent with a causal layer but broad: the skill will collect and persist personally sensitive data from those sources. It does not instruct sending data to external network endpoints, but it does invoke local CLIs and reads/writes local files (/tmp and memory/causal/action_log.jsonl).
This is instruction-only with included scripts (no download/install step). No external archive downloads or obscure install URLs are present. Risk is limited to executing the included Python scripts and local subprocesses (gog, wacli) as described.
The skill declares no environment variables or credentials, which is appropriate in principle. In practice the scripts call local CLIs (gog, wacli) that will use whatever credentials those tools are configured with; the skill doesn't request or store additional secrets. Reviewers should be aware the skill relies on existing CLI configs (which may hold sensitive tokens) even though none are declared.
The skill writes its own action log to memory/causal/action_log.jsonl and creates those directories; it does not request always: true, does not modify other skills' configs, and does not request elevated system privileges. Its persistence is limited to its own files.
Guidance
What to consider before installing: - This skill will parse and store sensitive personal data (emails, messages, calendar events). Review the scripts (backfill_* and log_action.py) to ensure you are comfortable with what is written to memory/causal/action_log.jsonl and /tmp files, and where those files will remain on disk. - The SKILL.md expects local CLIs (gog, wacli). Confirm you need/want those CLIs to run here; they will use any credentials already configured in your environment even though the skill doesn't ask for credentials explicitly. - Test on a small or anonymized dataset first. If you enable it, consider limiting triggers (don't allow 'ANY action' globally) and periodically rotate/delete the action_log if it contains sensitive history. - If you need stricter privacy, run these scripts manually outside the agent, or modify them to sanitize/redact identifiers before writing logs. - Because the source is unknown, prefer running with user invocation only (not fully autonomous) until you trust the publisher and have audited the code.
Latest Release
v0.2.0
Expanded triggers to all high-level actions, added backfill scripts for email/calendar/messages, broader domain coverage
More by @oswalpalash
Published by @oswalpalash on ClawHub
