← 返回 Skills 市场

MindLogger

Name: MindLogger
Author: ualiu

作者 Urim Aliu · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install mind-log

功能描述

Sends daily journal prompts via Telegram, stores user replies in MindLog, and delivers weekly pattern analysis reports every Sunday at 2pm ET.

安全使用建议

Key things to check before installing: - Metadata mismatch: The skill's instructions require MINDLOG_API_KEY, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID (and reference MINDLOG_BASE_URL/Grok), but the registry lists no required credentials. Ask the publisher to correct the registry or provide source code so you can verify behavior. - Onboarding behavior: The skill will proactively message the user on registration and repeatedly request secrets until provided. If you prefer explicit opt-in or confirmation before sending messages or storing credentials, do not install until that behavior is changed. - Secrets handling: Confirm where and how API keys/tokens will be stored (encrypted at rest? who can read them?). If you can't verify secure storage, do not give production credentials — consider creating limited-scope test credentials. - Scheduling/elevated perms: The skill will add cron jobs and may ask for elevated permissions or to modify HEARTBEAT.md. Only grant scheduling privileges if you trust the skill; prefer explicit user approval for each scheduled action. - Source and ownership: There is no homepage or source repo. Request the source code or a reputable publisher identity before trusting a skill that asks for persistent credentials and scheduling access. If the publisher provides a source repo and updates the registry to declare the env vars and storage practices, re-evaluate. For now, proceed only if you accept the above risks and can limit credentials (test keys) and control scheduling permissions.

功能分析

Type: OpenClaw Skill Name: mind-log Version: 1.0.0 The MindLog skill requests sensitive credentials (Telegram Bot Token and API Key) and attempts to establish persistence via system cron jobs. Most notably, SKILL.md instructs the agent to solicit 'elevated permissions' from the user if cron access is restricted. While these actions are consistent with the stated goal of a scheduled journaling service, the request for higher privileges and the automated collection of communication tokens represent a significant security risk. The external data endpoint is mindlogger-production.up.railway.app.

能力评估

⚠ Purpose & Capability

The SKILL.md clearly requires MINDLOG_API_KEY, TELEGRAM_BOT_TOKEN, and TELEGRAM_CHAT_ID (and uses MINDLOG_BASE_URL and a 'Grok' analyzer), yet the registry metadata lists no required env vars or primary credential. That mismatch (instructions needing secrets but metadata claiming none) is inconsistent and unexplained.

⚠ Instruction Scope

Instructions tell the agent to immediately and automatically message the user on registration asking for credentials, to re-prompt until complete, to parse user replies, and to update scheduling or HEARTBEAT.md if cron is blocked. These steps go beyond a simple helper: they solicit and persist secrets, perform network calls, and ask to modify scheduling/config files without safeguards or user confirmation.

✓ Install Mechanism

This is an instruction-only skill with no install spec or code files, so nothing is written to disk by an install step. That reduces some risk compared with arbitrary downloads.

⚠ Credentials

The skill asks for multiple sensitive values (API key and Telegram token/ID) in SKILL.md but the registry declares no required env vars or primary credential. It also references MINDLOG_BASE_URL and an analyzer ('Grok') that are not declared. Requesting and storing multiple secrets is reasonable for this purpose, but the metadata mismatch and lack of storage/transport security guidance are red flags.

ℹ Persistence & Privilege

The skill requests creation of persistent cron jobs (openclaw cron add) and suggests requesting elevated permissions or modifying HEARTBEAT.md if cron is unavailable. 'always' is false, so it won't be force-included, but adding scheduled jobs and storing keys gives it ongoing ability to act — the user should explicitly consent to scheduling and confirm where credentials are stored.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install mind-log
安装完成后，直接呼叫该 Skill 的名称或使用 /mind-log 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of the MindLog skill for OpenClaw. - Enables daily journal prompts and weekly pattern analysis via Telegram. - Guides users through setup by collecting required API key, Telegram bot token, and chat ID. - Verifies API and Telegram connectivity before activating scheduling. - Supports flexible scheduling using either cron jobs or heartbeat polling. - Automates daily prompting, reply capture, and weekly analysis/report delivery. - Robust error handling and clear user notifications throughout setup and operation.

元数据

Slug mind-log

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

MindLogger 是什么？

Sends daily journal prompts via Telegram, stores user replies in MindLog, and delivers weekly pattern analysis reports every Sunday at 2pm ET. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 85 次。

如何安装 MindLogger？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install mind-log」即可一键安装，无需额外配置。

MindLogger 是免费的吗？

是的，MindLogger 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

MindLogger 支持哪些平台？

MindLogger 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 MindLogger？

由 Urim Aliu（@ualiu）开发并维护，当前版本 v1.0.0。