← 返回 Skills 市场
hchawla

Homebase

作者 Harsh Chawla · GitHub ↗ · v0.3.2 · MIT-0
cross-platform ✓ 安全检测通过
183
总下载
0
收藏
1
当前安装
9
版本数
在 OpenClaw 中安装
/install homebase
功能描述
Family household coordinator. Aggregates Google Calendar, runs a daily morning briefing (weather, schedule, kids meals, school snacks), watches school Gmail...
使用说明 (SKILL.md)

Homebase

A unified household assistant that runs as an OpenClaw skill. Built for families who want one place for the calendar, the meal plan, the grocery list, the school inbox, and the morning routine — without writing any code per family.

Features

  • Morning briefing — daily 7 AM weather + schedule + kids meal + school snack digest. Pre-flight health check, output validation, 30-day reliability tracker.
  • Calendar — Google Calendar sync + natural-language event creation.
  • Kids meals — config-driven per-kid breakfast/lunch/snack rotation with allergy and texture rules. Avoids same-meal-twice patterns from history.
  • Weekly meal planner — Saturday 6 PM draft, family revises by reply, Sunday 9 PM auto-lock. Max 2 revisions then auto-locks.
  • School email monitor — every 2 hours during school, parses Gmail for school flyers + PDF attachments, dedupes, surfaces important items.
  • Receipt + media watcher — receipt photos sent to WhatsApp get classified by caption keywords, then read by the OpenClaw agent's native vision and logged to a per-restaurant rating ledger.
  • Shopping list — per-store ("Costco", "Indian", "Target") item lists with atomic writes.
  • Health tracker — Tylenol/ibuprofen dose log per kid with weight-based safety limits and minimum-interval enforcement.
  • Trip detector — scans the calendar for upcoming trips, classifies the destination (mountain/beach/desert/urban), pulls weather, composes prep notes from per-kid profiles.

Architecture

Python tools return data. The OpenClaw agent (model-agnostic — Claude, Gemma, GPT, Llama, whatever OpenClaw is configured with) composes and delivers all user-facing messages. Python never sends WhatsApp and never calls any LLM. Every Python state file is written atomically (tempfile + fsync + rename) so a mid-write crash never leaves a corrupt JSON behind. Cron entry points have a top-level try/except so a crash always emits a parseable status object instead of silently swallowing the run.

Secrets handling

This skill needs Google OAuth credentials (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REFRESH_TOKEN) to read your Google Calendar and school Gmail. No other API keys, no LLM keys, no third-party tokens.

Credentials are read from environment variables. On macOS they can optionally be migrated into the system Keychain via migrate_to_keychain.py and then removed from .env. The skill never transmits credentials anywhere except to Google's official OAuth endpoint via google-auth-oauthlib.

The only outbound network calls this skill makes are to documented services required for its features:

  • Google OAuth + Gmail + Calendar APIs (*.googleapis.com) for the calendar sync, school email monitor, and credential refresh
  • Open-Meteo (api.open-meteo.com) for weather forecasts in the morning briefing and trip detector — no API key, no account, no PII sent

There is no telemetry, no analytics, no third-party tracking, no calls to any other domain.

All household state (calendar cache, meal history, health log, kid profiles, restaurant ratings, shopping list, briefing reliability tracker) is stored as local JSON files in household/ and calendar_data/. Nothing leaves your machine.

File permissions. .env should be chmod 600 (the included setup_check.py verifies this). The household/ and calendar_data/ JSON files inherit your user umask — they're owned by the user running OpenClaw and not accessible to other local users on a default macOS or Linux setup. If you're on a multi-user system, audit those paths.

About the launchd plist

com.openclaw.daemon.plist in this repo is a template for the OpenClaw gateway daemon, not for Homebase code. The plist runs /usr/local/bin/openclaw start --foreground, which is what keeps the WhatsApp bridge alive across logins. It does NOT run any Homebase Python directly.

It's optional. You only need it if you want WhatsApp delivery to survive a logout or reboot. Without it, OpenClaw runs only while your terminal session is active. If you install it, it lives at ~/Library/LaunchAgents/com.openclaw.daemon.plist and can be removed at any time with launchctl unload.

Requirements

  • Python 3.12+
  • Google Cloud project with Gmail + Calendar APIs enabled
  • WhatsApp delivery via OpenClaw (no direct integration in this skill)
  • Image vision is handled by the OpenClaw agent's native capability — no local LLM dependency in this skill

Setup

  1. cp config.example.json config.json and fill in your family.
  2. Set GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET / GOOGLE_REFRESH_TOKEN in your environment, or migrate them into the macOS Keychain via python migrate_to_keychain.py.
  3. pip install -e . (uses pyproject.toml).
  4. python -m pytest should report all tests passing.
  5. python setup_check.py runs a config + auth sanity check.

Limitations

  • macOS Keychain integration is best-effort on macOS only; other platforms fall through to env vars.
  • The daily briefing assumes one Google Calendar; multi-calendar merging is not yet supported.

Troubleshooting

  • Briefing missing weather — Open-Meteo rate limit. The reliability tracker in household/briefing_reliability.json will flag the day as degraded.
  • Gmail auth errorpython core/reauth_google.py to re-mint the refresh token. The school email monitor will WhatsApp you exactly once when this happens, then go silent until fixed.
  • JSON file corrupt — atomic writes prevent this in normal operation. If it happens anyway (e.g., disk full), delete the file; the loader recreates an empty one.

License

MIT

安全使用建议
This package appears to be what it says: a local household coordinator that reads Google Calendar and Gmail and uses OpenClaw for WhatsApp delivery. Before installing: - Verify you trust the OpenClaw CLI/binary (this skill depends on it for message delivery and status checks). If you don't already have OpenClaw installed from a trusted source, do not enable WhatsApp delivery. - Review pyproject.toml to see which third-party Python packages will be installed by pip install -e . and audit them if you need to. - Be aware reauth_google.py will write the refresh token into .env (and can store it in macOS Keychain). Ensure .env is chmod 600 or prefer Keychain storage on macOS. A refresh token grants ongoing API access — treat it as sensitive. - Inspect config.json (copy of config.example.json) before running. It will contain family names, phone numbers, calendar IDs, and school email domains used by the skill; keep that file private and gitignored as recommended. - The skill polls Gmail every two hours (during configured windows) and will add calendar events based on parsed email content/PDF attachments — if you want to limit automatic calendar writes, review and adjust the school/email settings in config.json or run in a dry mode until you’re comfortable. Minor note: the registry metadata and SKILL.md disagree on required binaries (registry lists none while SKILL.md expects 'openclaw'); confirm that the platform will make the OpenClaw CLI available before enabling full functionality.
功能分析
Type: OpenClaw Skill Name: homebase Version: 0.3.2 The 'homebase' skill is a comprehensive household coordinator that manages calendars, meals, and health tracking. It handles sensitive Google OAuth credentials using industry-standard practices, including macOS Keychain integration via the 'keyring' library and atomic file writes in 'utils.py' to prevent data corruption. Security-conscious design is evident in 'agent.md', which enforces strict command formatting to prevent shell injection, and 'setup_check.py', which audits file permissions. No evidence of data exfiltration, malicious prompt injection, or unauthorized execution was found; all outbound traffic is limited to official Google APIs and Open-Meteo.
能力标签
cryptocan-make-purchasesrequires-oauth-token
能力评估
Purpose & Capability
The skill is a household coordinator that integrates Google Calendar and Gmail and uses OpenClaw for WhatsApp delivery. The required env vars (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REFRESH_TOKEN) and the code (calendar, school email monitor, briefing, weather via Open-Meteo) align with the stated purpose. Minor metadata inconsistency: the registry metadata at the top lists no required binaries while SKILL.md metadata and runtime code expect the 'openclaw' CLI; requiring the OpenClaw CLI is appropriate for WhatsApp delivery but the registry metadata should match.
Instruction Scope
SKILL.md and agent.md keep scope limited to calendar, briefing, meal and shopping lists, Gmail scanning for school emails, and local JSON state. Runtime code reads config.json, uses Google APIs, calls Open-Meteo, and invokes the 'openclaw' CLI for gateway status and message delivery — all consistent with the description. The reauth flow writes refresh tokens to .env and optionally to macOS Keychain (documented). The agent/README explicitly forbids arbitrary shell commands and mandates using tools.py entrypoint, reducing scope creep. There are no instructions to read unrelated system files or to send data to unexpected domains.
Install Mechanism
There is no automatic install spec in the registry (no packaged download); the repo contains Python code and pyproject.toml and SKILL.md instructs using 'pip install -e .'. That's a normal install path but means pip will install declared dependencies; review pyproject.toml if you want to audit third-party packages. No remote download URLs or extract/install steps from untrusted hosts are present in the skill metadata or SKILL.md.
Credentials
Only Google OAuth credentials are required and declared (client id/secret/refresh token). The skill uses macOS Keychain optionally and falls back to a local .env file (it documents chmod 600). No unrelated tokens, LLM API keys, or third-party secrets are requested. Note: the reauth script updates .env on disk and also offers to store the refresh token in Keychain — you should ensure .env has correct permissions and be comfortable with a refresh token being written to disk if you run reauth.
Persistence & Privilege
The skill does not set always:true. It stores local JSON state under household/ and calendar_data/ and optionally suggests installing a launchd template that runs the OpenClaw gateway (the plist runs the openclaw CLI, not Homebase python directly). The skill can be invoked autonomously by your agent (default behavior) — expected for an orchestration skill — but it does not request elevated system-wide privileges or attempt to modify other skills' configs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install homebase
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /homebase 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.2
fix: update description, trigger security rescan after hardcoded-path fix in 0.3.1
v0.3.1
fix: replace hardcoded absolute paths with {baseDir} for ClawHub portability
v0.3.0
structured meals schema + calendar sync fix + catalog learning. Replaces natural-language meal_rules with structured kids[].meals objects. Adds save_meal_plan validator, catalog learning (Path B), calendar drop+replace sync, dropoff classifier fix, CLI credential bootstrap.
v0.2.5
Declare 'openclaw' CLI as required binary in SKILL.md frontmatter (metadata.openclaw.requires.bin) so the registry surfaces the runtime dependency. Addresses the one nit from the 0.2.4 OpenClaw review.
v0.2.4
Added [project.urls] in pyproject.toml pointing at github.com/hchawla/homebase so the scanner can verify upstream. Rewrote SKILL.md secrets handling to enumerate exact outbound calls (Google APIs + Open-Meteo) instead of the misleading 'no third-party calls' claim.
v0.2.3
Removed U+200D zero-width joiners from agent.md (family emoji header) that the ClawHub injection scanner false-flagged as unicode-control-chars. Bundle now passes scanner.detectInjectionPatterns() with zero matches.
v0.2.2
Portability: replaced 9 Homebrew-pinned shebangs with /usr/bin/env python3. Docs: SKILL.md now spells out .env file permissions and clarifies that the launchd plist runs the OpenClaw gateway daemon, not Homebase Python.
v0.2.1
Security: removed os.system runtime pip install in migrate_to_keychain.py and core/reauth_google.py, removed last subprocess shell construction (at scheduler) in features/health/health_tracker.py, disclosed Keychain usage in SKILL.md, dropped 'buy' from shopping list parser to avoid can-make-purchases auto-tag, fixed get_morning_meal_checkin_text docstring.
v0.2.0
Initial public release
元数据
Slug homebase
版本 0.3.2
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 9
常见问题

Homebase 是什么?

Family household coordinator. Aggregates Google Calendar, runs a daily morning briefing (weather, schedule, kids meals, school snacks), watches school Gmail... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 183 次。

如何安装 Homebase?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install homebase」即可一键安装,无需额外配置。

Homebase 是免费的吗?

是的,Homebase 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Homebase 支持哪些平台?

Homebase 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Homebase?

由 Harsh Chawla(@hchawla)开发并维护,当前版本 v0.3.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论