openclaw-tally

The code, package.json, skill.json, and SKILL.md all implement a local task-detection, ledger, and analytics system. Required binaries (node/npm) and the native sqlite dependency (better-sqlite3) are expected for this purpose. No unexpected credentials, network access, or unrelated binaries are requested.

SKILL.md says the skill registers a message-post hook and processes every message's text but stores only metadata. The code contains task detector, ledger, and analytics logic and does not persist raw message bodies. There is a small surface to note: the DB includes intent_summary and outcome_summary fields (strings) — the current detector returns empty summaries, but future changes could populate those fields with snippets. Confirm intent_summary/outcome_summary behavior if you want guarantees that no message text is ever persisted.

No install spec in registry, but the package contains package.json and package-lock.json; installation uses standard npm which will fetch dependencies from npmjs.org (including better-sqlite3). This is expected for a Node skill. The SKILL.md explicitly warns about the native build step. No downloads from untrusted URLs or extract-from-arbitrary-host steps were found.

The skill requires no environment variables or external credentials. File system access is limited to ~/.openclaw/tally/ (and tests allow /tmp). package.json/repo metadata points to a GitHub repo — not a secret or unrelated service. Overall requested environment access is proportional to the stated purpose.

The skill is not always-on and does not request elevated privileges. skill.json declares filesystem write/read only under ~/.openclaw/tally/, network: none, and exec: false. The code enforces a hardcoded default DB path within the user homedir and validates custom paths to /tmp; no modifications to other skills or system configs were observed.