← Back to Skills Marketplace
cryptocana

Nova Letters

by Novaiok · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
533
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install nova-letters
Description
Write reflective letters to your future self. Capture what matters across sessions.
Usage Guidance
This skill appears to be a simple local CLI that saves and reads markdown 'letters' in ~/.openclaw/workspace/letters and does not access the network or request secrets. Before installing, note the documentation mismatches: SKILL.md/README list a 'today' command and claim timezone autodetection/NODE_TZ support, but the shipped CLI uses a 'read' command (which reads today by default) and hardcodes America/New_York for timestamps. Also confirm you are comfortable with the tool creating and appending files under ~/.openclaw/workspace/letters. If you want to use it in automation, test the actual commands (read vs today) and consider editing the source to respect your timezone or NODE_TZ if needed. If you have strict security requirements, run the CLI under a limited account and inspect the file path and code locally before installing globally.
Capability Analysis
Type: OpenClaw Skill Name: nova-letters Version: 0.1.0 The skill's stated purpose of helping an AI agent write and read reflective letters is benign. However, the `nova-letters.js` script contains a path traversal vulnerability in its `readLetter` function. The `date` argument, which is used to construct the filename, is not sanitized, allowing an attacker or a compromised agent to read arbitrary files outside the intended `~/.openclaw/workspace/letters/` directory (e.g., `nova-letters read ../../../etc/passwd`). This critical information disclosure vulnerability makes the skill suspicious, as it allows for unauthorized access to system files.
Capability Assessment
Purpose & Capability
Name/description match the code and files: the package implements a local CLI that writes, lists, reads, and searches daily markdown letter files under ~/.openclaw/workspace/letters. It does not request unrelated credentials or external services.
Instruction Scope
SKILL.md/README claim commands like 'nova-letters today' and describe auto-detected timezone / NODE_TZ configuration, but the implementation exposes 'read' (which defaults to today when no date is provided) rather than a 'today' subcommand, and the code hardcodes the 'America/New_York' timezone instead of honoring NODE_TZ. These are documentation/UX inconsistencies (not unexpected malicious behavior) but will confuse users and scripts.
Install Mechanism
No install specification in the registry; package.json provides a CLI entrypoint and the README suggests npm or a platform installer. Nothing is downloaded at runtime and there are no external install URLs, so install risk is low.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code only reads the user's home directory (os.homedir()) to store files under ~/.openclaw/workspace/letters, which is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges. It creates a directory and writes files under the user's home directory (normal for a local CLI). It does not modify other skills or system-wide configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nova-letters
  3. After installation, invoke the skill by name or use /nova-letters
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
nova-letters 0.1.0 — Initial release - Write reflective letters to your future self, capturing key moments and thoughts across sessions. - Letters are saved daily as markdown files in `~/.openclaw/workspace/letters/`, each entry timestamped. - Commands to write, read, list, and watch letters; supports reading today’s or any specific day's letters. - Designed for meaning over logging—focus on reflections, not just facts. - Integrates easily with OpenClaw workflows and scripts.
Metadata
Slug nova-letters
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Nova Letters?

Write reflective letters to your future self. Capture what matters across sessions. It is an AI Agent Skill for Claude Code / OpenClaw, with 533 downloads so far.

How do I install Nova Letters?

Run "/install nova-letters" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Nova Letters free?

Yes, Nova Letters is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Nova Letters support?

Nova Letters is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Nova Letters?

It is built and maintained by Novaiok (@cryptocana); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments