Safety Report

Quick Reminders

Name: Quick Reminders
Rating: 5 (8 reviews)
Author: lstpsche

Zero-LLM one-shot reminders (<48h) via nohup sleep + openclaw message send, operated via {baseDir}/scripts/nohup-reminder.sh.

2,962Downloads

11Installs

8Stars

6Versions

CLI & Shell Tools1,805 Calendar & Scheduling1,462 AI & Machine Learning1,383 Networking & DNS1,102

Security Analysis

high confidence

Clean0.04 risk

The skill's code, runtime instructions, and declared requirements are coherent with its stated purpose (short-lived reminders via the openclaw CLI); nothing requested or installed is disproportionate or unexplained.

Feb 11, 20263 files1 concern

Purpose & Capabilityok

Name/description, required binaries (jq, openclaw), and the included script all match: the skill composes a message at creation time and uses a background nohup sleep + openclaw message send to deliver it. There are no unrelated credentials, binaries, or platform installs requested.

Instruction Scopenote

SKILL.md instructs the agent to compose messages, read TOOLS.md (and fallback to session_status.deliveryContext.to) and possibly write TOOLS.md when delivery target is missing. The included script itself only expects --target and does not touch other system credentials. Be aware this implies the agent will read and may write workspace files (TOOLS.md, reminders.json) — which is expected for delivery-target discovery but is a scope to note.

Install Mechanismok

No install spec — instruction-only with a bundled script. No remote downloads or archive extraction; nothing is written to system locations beyond workspace files and /tmp, which is consistent with a lightweight helper.

Credentialsok

The skill declares no secrets and only requires the openclaw CLI (which uses existing gateway credentials). The script accepts a few environment overrides (REMINDERS_JSON, REMINDER_TARGET, REMINDERS_LOCK_DIR) which are reasonable for configurability. Note: it will use whatever authentication the local openclaw binary is configured with, but it does not request or read tokens itself.

Persistence & Privilegeok

The skill does not set always:true. It spawns detached background processes (one per reminder) under the invoking user; reminders do not survive reboots and the script documents this limitation. Autonomous invocation is allowed (intentional for assistant workflows) — this is expected but you may choose to disable autonomous invocation if you want explicit control.

Guidance

This skill appears to do exactly what it says: short-horizon reminders delivered by the local openclaw CLI. Before installing, check these points: 1) The agent will read (and may write) workspace files: TOOLS.md (for delivery target) and reminders.json (tracking). If your workspace is shared or backed up, be comfortable with reminder metadata being stored there. 2) Deliveries use your local openclaw CLI configuration — ensure your OpenClaw gateway credentials and channels are properly secured. 3) Background reminders spawn detached sleep processes under the same user; they are lightweight but can accumulate if abused (monitor or limit usage if needed). 4) Reminders do not survive machine reboot. 5) If you do not want the agent to create reminders autonomously from natural conversation, set disable-model-invocation: true. Overall this skill is internally coherent and proportionate; use the above mitigations if any of the noted behaviors are unacceptable for your environment.

Latest Release

v1.1.4

- No user-visible changes; - README updated.

More by @lstpsche

Google Calendar (via gogcli)

4 stars

Weather via OpenMeteo (via openmeteo-sh cli; advanced ver)

2 stars

Briefing (Calendar Agenda, Weather, Pending To-Dos)

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Published by @lstpsche on ClawHub