← Back to Skills Marketplace
indigokarasu

Vesper

by Indigo Karasu · GitHub ↗ · v2.7.0 · MIT-0
cross-platform ⚠ suspicious
294
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install ocas-vesper
Description
Daily briefing generator. Aggregates signals from across the system into concise morning and evening briefings. Surfaces outcomes, opportunities, and decisio...
Usage Guidance
This skill appears to do what it claims — aggregate proposals and produce briefings — but review these before enabling it: - Confirm the filesystem read scope: skill.json allows reading ~/openclaw/data/*/intake/. Ask whether it can be limited to the specific skills it needs (e.g., ocas-corvus, ocas-rally) rather than the wildcard that touches every skill's intake. - Self-update inconsistency: the registry lists no required binaries but the skill declares a gh/tar/python3 update mechanism. Verify whether gh/tar/python3 are present and whether automatic self-updates are acceptable; consider disabling auto-update until you review the GitHub source. - Scheduled tasks / cron registration: the skill expects to register cron jobs. Ensure your platform/operator policy allows skills to create scheduled jobs and review what happens if the skill is removed or updated. - Data exposure: the skill writes journals and briefings to local directories (journals/ and briefings/) and creates inline links (calendar/gmail/maps). Make sure those output directories are acceptable destinations for user-facing content and do not leak private IDs to unintended consumers. - Source trust: the SKILL.md references a GitHub repo; if you plan to install, inspect that repository (or require a pinned release) to confirm there is no hidden behavior. Given the broad read permission and self-update inconsistencies, proceed only after narrowing filesystem access and confirming update/install behavior. If you want, I can list the exact paths and manifest lines that are most concerning or draft a permission-limited manifest you could request from the author.
Capability Analysis
Type: OpenClaw Skill Name: ocas-vesper Version: 2.7.0 The skill implements a high-risk self-update mechanism (vesper.update) in SKILL.md and skill.json that uses the GitHub CLI and tar to download and overwrite its own directory with remote content from a hardcoded repository. While this is documented as a feature, the pattern of fetching and executing remote code via a cron job (vesper:update) creates a significant supply chain risk. Additionally, the skill possesses broad read access to sensitive directories containing email threads, financial data, and calendar events to perform its aggregation duties, which increases the impact of the aforementioned update mechanism.
Capability Assessment
Purpose & Capability
The name/description (daily briefing aggregator) aligns with the instructions to read proposals and assemble briefings. However skill.json declares filesystem read access to ~/openclaw/data/*/intake/ (all skills' intake directories), which is broader than a narrowly scoped aggregator would typically need and could expose unrelated sensitive inputs.
Instruction Scope
SKILL.md explicitly instructs the agent to read other skills' proposal directories, apply filtering, write briefings and journals, and preserve processed IDs. Those actions are coherent with an aggregator. There are no instructions that clearly attempt to exfiltrate data to unknown remote endpoints. It does reference external Calendar/Weather APIs and link formatting, which is expected for briefings.
Install Mechanism
The skill is instruction-only (no install spec) so there's no immediate download risk. But SKILL.md and README mention a self-update flow (openclaw skill install <github>, and skill.json documents a 'gh CLI + tar + python3' version-checked tarball update). The registry metadata elsewhere lists no required binaries — an inconsistency worth confirming before enabling automatic self-updates.
Credentials
Declared required env vars: none. But skill.json's filesystem policy (read: ~/openclaw/data/*/intake/) and the SKILL.md's explicit reads from other skills' proposal directories give it wide read access across the agent's skill data. That breadth is larger than strictly necessary to read a small set of proposal files and could surface unrelated sensitive content from other skills. Also self-update claiming gh/tar/python implies dependencies not declared in the lightweight manifest.
Persistence & Privilege
always:false (normal). The skill requests scheduled tasks (morning/evening/update) and the README describes registering cron jobs on init — that's persistent behavior but appropriate for a briefing service. Confirm whether the platform enforces or approves cron registration; automatic self-updates plus scheduled runs increase blast radius if the skill is later compromised.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ocas-vesper
  3. After installation, invoke the skill by name or use /ocas-vesper
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.7.0
ocas-vesper 2.7.0 - Major update: Vesper now reads proposals and data directly from other skills’ directories, not via intake handoff. - Expanded formatting rules—briefings output as plain text/minimal HTML (no markdown), stricter section management, new section header styles, and streamlined weather/markets language. - New ontology: Vesper observes and records entities (person, event, place) in briefing outputs, for use by downstream Chronicle. - Inter-skill integration revised: briefing content and status now rely on cooperative reads from Corvus, Custodian, Dispatch, and Rally; output files go to a new organized briefings directory for Dispatch pickup. - Documentation for run completion, formatting rules, and inter-skill interfaces rewritten and expanded.
v2.3.0
ocas-vesper 2.3.0 - Added initialization routine (`vesper.init`) to set up data directories, default config, and required cron jobs on first use. - Introduced a self-update command (`vesper.update`) and nightly cron job to update the skill from the GitHub source. - Expanded and clarified documentation, including initialization steps, command list, supported trigger phrases, and background task schedules. - Added a public README.md file for better external visibility and onboarding. - Documentation improvements for responsibility boundaries and clearer guidance on use cases and exclusions.
v2.0.0
- Added `references/journal.md` support file describing journal outputs and usage. - Documented new `vesper.journal` command for writing a journal at the end of every run. - Expanded skill boundaries and interfaces: clarified intake from Corvus, output locations, and inter-skill relationships. - Updated storage layout and configuration defaults, including journal output paths. - Added OKRs and linked to universal journaling requirements for consistent run evaluation.
v1.0.0
Initial release of ocas-vesper: concise daily briefing generator. - Aggregates system signals to create actionable morning and evening briefings in natural language. - Surfaces outcomes and opportunities while hiding internal system reasoning and processes. - Supports configurable briefing schedule, section selection, and on-demand or automatic delivery. - Distinct commands for generating briefings, listing pending decision requests, and adjusting configuration. - Strict inclusion/exclusion filtering and conversational formatting rules ensure clarity and relevance.
Metadata
Slug ocas-vesper
Version 2.7.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Vesper?

Daily briefing generator. Aggregates signals from across the system into concise morning and evening briefings. Surfaces outcomes, opportunities, and decisio... It is an AI Agent Skill for Claude Code / OpenClaw, with 294 downloads so far.

How do I install Vesper?

Run "/install ocas-vesper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vesper free?

Yes, Vesper is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vesper support?

Vesper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Vesper?

It is built and maintained by Indigo Karasu (@indigokarasu); the current version is v2.7.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments