Safety Report

Nightly Build

Name: Nightly Build
Author: 0xRaini

Automates nightly maintenance tasks like skill audits, updates, cleanup, and health checks, then summarizes a morning report.

621Downloads

6Installs

0Stars

2Versions

Workflow Automation8,822 Browser Automation5,375 Security & Compliance3,689 Monitoring & Logging3,137

Security Analysis

high confidence

Clean0.08 risk

The skill's code and runtime instructions align with a nightly maintenance/reporting tool: it scans the workspace and installed skills, checks git/npm state, cleans old logs, and writes a report to the workspace memory folder.

Feb 11, 20263 files2 concerns

Purpose & Capabilitynote

Name/README indicate nightly maintenance and reporting. The code performs system checks, npm audit, git status checks, and log cleanup inside a workspace -- all consistent with that purpose. Minor mismatch: SKILL.md mentions 'Auto-Update: Pull latest changes from git repos' but the provided scripts only check git status/remote update and do not perform automatic 'git pull' or forced updates.

Instruction Scopenote

SKILL.md asks the agent to schedule and run maintenance tasks; the scripts follow that scope. The scripts run shell commands (git, npm audit, df, uptime, vm_stat), read the workspace/skills/memory directories, delete .log files older than 7 days in the memory directory, and write a nightly report. These actions are within the stated task set, but they will read repository files (package.json, SKILL.md) and run npm audit (which may contact the network) and remove logs in MEMORY_DIR — so the agent will surface filesystem and command output to whoever reads the report.

Install Mechanismok

Instruction-only with two script files; no install spec and no external download. Lowest-risk install mechanism.

Credentialsok

No required environment variables or credentials. Scripts optionally honor WORKSPACE_DIR which is reasonable. No requests for unrelated secrets or config paths.

Persistence & Privilegeok

always is false and the skill does not request elevated system persistence. It writes reports and logs to the workspace memory directory and may delete old logs there — this is consistent with a cleanup task. It does not modify other skills' configs.

Guidance

This skill will read your workspace and the skills/ and memory/ directories, run system/git/npm commands, remove .log files older than 7 days in the memory directory, and write a nightly-report.md there. Before installing: 1) Confirm WORKSPACE_DIR will point to the intended project (or set it explicitly). 2) Ensure there are no secrets or sensitive files in the workspace/skills directories you don't want read or included in reports. 3) If you rely on logs, back them up since the skill deletes old .log files in MEMORY_DIR. 4) Test a manual run first (nightly run) to inspect the report output and network activity (npm audit and git remote update can contact external services). The small mismatch between the SKILL.md 'auto-update' wording and the scripts (which only check status) is likely benign but worth noting.

Latest Release

v1.1.0

v1.1: Pure ESM Node.js, system health + disk + skill audit + memory stats + git status + auto cleanup

More by @0xRaini

Soulmate

3 stars

Crypto Watcher

2 stars

Skill Audit by Raini

0 stars

SkillTree

0 stars

YouTube Digest

0 stars

Molt-Solver

0 stars

Published by @0xRaini on ClawHub