← Back to Skills Marketplace
hchawla

Homebase

by Harsh Chawla · GitHub ↗ · v0.3.2 · MIT-0
cross-platform ✓ Security Clean
183
Downloads
0
Stars
1
Active Installs
9
Versions
Install in OpenClaw
/install homebase
Description
Family household coordinator. Aggregates Google Calendar, runs a daily morning briefing (weather, schedule, kids meals, school snacks), watches school Gmail...
README (SKILL.md)

Homebase

A unified household assistant that runs as an OpenClaw skill. Built for families who want one place for the calendar, the meal plan, the grocery list, the school inbox, and the morning routine — without writing any code per family.

Features

  • Morning briefing — daily 7 AM weather + schedule + kids meal + school snack digest. Pre-flight health check, output validation, 30-day reliability tracker.
  • Calendar — Google Calendar sync + natural-language event creation.
  • Kids meals — config-driven per-kid breakfast/lunch/snack rotation with allergy and texture rules. Avoids same-meal-twice patterns from history.
  • Weekly meal planner — Saturday 6 PM draft, family revises by reply, Sunday 9 PM auto-lock. Max 2 revisions then auto-locks.
  • School email monitor — every 2 hours during school, parses Gmail for school flyers + PDF attachments, dedupes, surfaces important items.
  • Receipt + media watcher — receipt photos sent to WhatsApp get classified by caption keywords, then read by the OpenClaw agent's native vision and logged to a per-restaurant rating ledger.
  • Shopping list — per-store ("Costco", "Indian", "Target") item lists with atomic writes.
  • Health tracker — Tylenol/ibuprofen dose log per kid with weight-based safety limits and minimum-interval enforcement.
  • Trip detector — scans the calendar for upcoming trips, classifies the destination (mountain/beach/desert/urban), pulls weather, composes prep notes from per-kid profiles.

Architecture

Python tools return data. The OpenClaw agent (model-agnostic — Claude, Gemma, GPT, Llama, whatever OpenClaw is configured with) composes and delivers all user-facing messages. Python never sends WhatsApp and never calls any LLM. Every Python state file is written atomically (tempfile + fsync + rename) so a mid-write crash never leaves a corrupt JSON behind. Cron entry points have a top-level try/except so a crash always emits a parseable status object instead of silently swallowing the run.

Secrets handling

This skill needs Google OAuth credentials (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REFRESH_TOKEN) to read your Google Calendar and school Gmail. No other API keys, no LLM keys, no third-party tokens.

Credentials are read from environment variables. On macOS they can optionally be migrated into the system Keychain via migrate_to_keychain.py and then removed from .env. The skill never transmits credentials anywhere except to Google's official OAuth endpoint via google-auth-oauthlib.

The only outbound network calls this skill makes are to documented services required for its features:

  • Google OAuth + Gmail + Calendar APIs (*.googleapis.com) for the calendar sync, school email monitor, and credential refresh
  • Open-Meteo (api.open-meteo.com) for weather forecasts in the morning briefing and trip detector — no API key, no account, no PII sent

There is no telemetry, no analytics, no third-party tracking, no calls to any other domain.

All household state (calendar cache, meal history, health log, kid profiles, restaurant ratings, shopping list, briefing reliability tracker) is stored as local JSON files in household/ and calendar_data/. Nothing leaves your machine.

File permissions. .env should be chmod 600 (the included setup_check.py verifies this). The household/ and calendar_data/ JSON files inherit your user umask — they're owned by the user running OpenClaw and not accessible to other local users on a default macOS or Linux setup. If you're on a multi-user system, audit those paths.

About the launchd plist

com.openclaw.daemon.plist in this repo is a template for the OpenClaw gateway daemon, not for Homebase code. The plist runs /usr/local/bin/openclaw start --foreground, which is what keeps the WhatsApp bridge alive across logins. It does NOT run any Homebase Python directly.

It's optional. You only need it if you want WhatsApp delivery to survive a logout or reboot. Without it, OpenClaw runs only while your terminal session is active. If you install it, it lives at ~/Library/LaunchAgents/com.openclaw.daemon.plist and can be removed at any time with launchctl unload.

Requirements

  • Python 3.12+
  • Google Cloud project with Gmail + Calendar APIs enabled
  • WhatsApp delivery via OpenClaw (no direct integration in this skill)
  • Image vision is handled by the OpenClaw agent's native capability — no local LLM dependency in this skill

Setup

  1. cp config.example.json config.json and fill in your family.
  2. Set GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET / GOOGLE_REFRESH_TOKEN in your environment, or migrate them into the macOS Keychain via python migrate_to_keychain.py.
  3. pip install -e . (uses pyproject.toml).
  4. python -m pytest should report all tests passing.
  5. python setup_check.py runs a config + auth sanity check.

Limitations

  • macOS Keychain integration is best-effort on macOS only; other platforms fall through to env vars.
  • The daily briefing assumes one Google Calendar; multi-calendar merging is not yet supported.

Troubleshooting

  • Briefing missing weather — Open-Meteo rate limit. The reliability tracker in household/briefing_reliability.json will flag the day as degraded.
  • Gmail auth errorpython core/reauth_google.py to re-mint the refresh token. The school email monitor will WhatsApp you exactly once when this happens, then go silent until fixed.
  • JSON file corrupt — atomic writes prevent this in normal operation. If it happens anyway (e.g., disk full), delete the file; the loader recreates an empty one.

License

MIT

Usage Guidance
This package appears to be what it says: a local household coordinator that reads Google Calendar and Gmail and uses OpenClaw for WhatsApp delivery. Before installing: - Verify you trust the OpenClaw CLI/binary (this skill depends on it for message delivery and status checks). If you don't already have OpenClaw installed from a trusted source, do not enable WhatsApp delivery. - Review pyproject.toml to see which third-party Python packages will be installed by pip install -e . and audit them if you need to. - Be aware reauth_google.py will write the refresh token into .env (and can store it in macOS Keychain). Ensure .env is chmod 600 or prefer Keychain storage on macOS. A refresh token grants ongoing API access — treat it as sensitive. - Inspect config.json (copy of config.example.json) before running. It will contain family names, phone numbers, calendar IDs, and school email domains used by the skill; keep that file private and gitignored as recommended. - The skill polls Gmail every two hours (during configured windows) and will add calendar events based on parsed email content/PDF attachments — if you want to limit automatic calendar writes, review and adjust the school/email settings in config.json or run in a dry mode until you’re comfortable. Minor note: the registry metadata and SKILL.md disagree on required binaries (registry lists none while SKILL.md expects 'openclaw'); confirm that the platform will make the OpenClaw CLI available before enabling full functionality.
Capability Analysis
Type: OpenClaw Skill Name: homebase Version: 0.3.2 The 'homebase' skill is a comprehensive household coordinator that manages calendars, meals, and health tracking. It handles sensitive Google OAuth credentials using industry-standard practices, including macOS Keychain integration via the 'keyring' library and atomic file writes in 'utils.py' to prevent data corruption. Security-conscious design is evident in 'agent.md', which enforces strict command formatting to prevent shell injection, and 'setup_check.py', which audits file permissions. No evidence of data exfiltration, malicious prompt injection, or unauthorized execution was found; all outbound traffic is limited to official Google APIs and Open-Meteo.
Capability Tags
cryptocan-make-purchasesrequires-oauth-token
Capability Assessment
Purpose & Capability
The skill is a household coordinator that integrates Google Calendar and Gmail and uses OpenClaw for WhatsApp delivery. The required env vars (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REFRESH_TOKEN) and the code (calendar, school email monitor, briefing, weather via Open-Meteo) align with the stated purpose. Minor metadata inconsistency: the registry metadata at the top lists no required binaries while SKILL.md metadata and runtime code expect the 'openclaw' CLI; requiring the OpenClaw CLI is appropriate for WhatsApp delivery but the registry metadata should match.
Instruction Scope
SKILL.md and agent.md keep scope limited to calendar, briefing, meal and shopping lists, Gmail scanning for school emails, and local JSON state. Runtime code reads config.json, uses Google APIs, calls Open-Meteo, and invokes the 'openclaw' CLI for gateway status and message delivery — all consistent with the description. The reauth flow writes refresh tokens to .env and optionally to macOS Keychain (documented). The agent/README explicitly forbids arbitrary shell commands and mandates using tools.py entrypoint, reducing scope creep. There are no instructions to read unrelated system files or to send data to unexpected domains.
Install Mechanism
There is no automatic install spec in the registry (no packaged download); the repo contains Python code and pyproject.toml and SKILL.md instructs using 'pip install -e .'. That's a normal install path but means pip will install declared dependencies; review pyproject.toml if you want to audit third-party packages. No remote download URLs or extract/install steps from untrusted hosts are present in the skill metadata or SKILL.md.
Credentials
Only Google OAuth credentials are required and declared (client id/secret/refresh token). The skill uses macOS Keychain optionally and falls back to a local .env file (it documents chmod 600). No unrelated tokens, LLM API keys, or third-party secrets are requested. Note: the reauth script updates .env on disk and also offers to store the refresh token in Keychain — you should ensure .env has correct permissions and be comfortable with a refresh token being written to disk if you run reauth.
Persistence & Privilege
The skill does not set always:true. It stores local JSON state under household/ and calendar_data/ and optionally suggests installing a launchd template that runs the OpenClaw gateway (the plist runs the openclaw CLI, not Homebase python directly). The skill can be invoked autonomously by your agent (default behavior) — expected for an orchestration skill — but it does not request elevated system-wide privileges or attempt to modify other skills' configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install homebase
  3. After installation, invoke the skill by name or use /homebase
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.2
fix: update description, trigger security rescan after hardcoded-path fix in 0.3.1
v0.3.1
fix: replace hardcoded absolute paths with {baseDir} for ClawHub portability
v0.3.0
structured meals schema + calendar sync fix + catalog learning. Replaces natural-language meal_rules with structured kids[].meals objects. Adds save_meal_plan validator, catalog learning (Path B), calendar drop+replace sync, dropoff classifier fix, CLI credential bootstrap.
v0.2.5
Declare 'openclaw' CLI as required binary in SKILL.md frontmatter (metadata.openclaw.requires.bin) so the registry surfaces the runtime dependency. Addresses the one nit from the 0.2.4 OpenClaw review.
v0.2.4
Added [project.urls] in pyproject.toml pointing at github.com/hchawla/homebase so the scanner can verify upstream. Rewrote SKILL.md secrets handling to enumerate exact outbound calls (Google APIs + Open-Meteo) instead of the misleading 'no third-party calls' claim.
v0.2.3
Removed U+200D zero-width joiners from agent.md (family emoji header) that the ClawHub injection scanner false-flagged as unicode-control-chars. Bundle now passes scanner.detectInjectionPatterns() with zero matches.
v0.2.2
Portability: replaced 9 Homebrew-pinned shebangs with /usr/bin/env python3. Docs: SKILL.md now spells out .env file permissions and clarifies that the launchd plist runs the OpenClaw gateway daemon, not Homebase Python.
v0.2.1
Security: removed os.system runtime pip install in migrate_to_keychain.py and core/reauth_google.py, removed last subprocess shell construction (at scheduler) in features/health/health_tracker.py, disclosed Keychain usage in SKILL.md, dropped 'buy' from shopping list parser to avoid can-make-purchases auto-tag, fixed get_morning_meal_checkin_text docstring.
v0.2.0
Initial public release
Metadata
Slug homebase
Version 0.3.2
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 9
Frequently Asked Questions

What is Homebase?

Family household coordinator. Aggregates Google Calendar, runs a daily morning briefing (weather, schedule, kids meals, school snacks), watches school Gmail... It is an AI Agent Skill for Claude Code / OpenClaw, with 183 downloads so far.

How do I install Homebase?

Run "/install homebase" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Homebase free?

Yes, Homebase is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Homebase support?

Homebase is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Homebase?

It is built and maintained by Harsh Chawla (@hchawla); the current version is v0.3.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments