← 返回 Skills 市场

Remind Me 2.1.0

Name: Remind Me 2.1.0
Author: loui1979

作者 Lougazi · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

2952

总下载

当前安装

版本数

在 OpenClaw 中安装

/install remind-me-2-1-0

功能描述

Set reminders using natural language. Automatically creates one-time cron jobs and logs to markdown.

安全使用建议

Do not install blindly. Key concerns: (1) The scripts call 'npx tsx' in /home/julian/clawdbot and will execute code from that repo (or fail) — ensure you control and inspect that project. (2) Reminders are delivered via Telegram to a hardcoded recipient (6636746252) — this will send reminder text externally and could leak sensitive info; confirm the recipient is intended. (3) The code requires undeclared tools ('npx', 'tsx', 'jq') and uses a hardcoded home path (/home/julian) making it user-specific. (4) There is an inconsistency: check-reminders.sh looks for '- [ ]' items, but create-* scripts log '- [scheduled]'/'- [recurring]', so automatic delivery may not work as written. Actions to consider before proceeding: ask the publisher to explain the Telegram target and provide required environment/dependency documentation; run the scripts in a safe isolated test user account after installing and inspect the local /home/julian/clawdbot code; or reject the skill until these inconsistencies and undeclared external deliveries are resolved.

功能分析

Type: OpenClaw Skill Name: remind-me-2-1-0 Version: 1.0.0 The skill is classified as suspicious due to a potential argument injection vulnerability. The `create-reminder.sh` and `create-recurring.sh` scripts directly embed user-provided input (`MESSAGE`) into arguments for the `npx tsx src/index.ts cron add` command (e.g., `--name "Reminder: $MESSAGE"`). If the `cron add` command does not properly sanitize or quote these arguments, a malicious `MESSAGE` could lead to arbitrary command execution (RCE). The `SKILL.md` instructions for the agent also directly pass user input to these scripts, making the agent a vector for this vulnerability. There is no evidence of intentional malicious behavior like data exfiltration or persistence.

能力评估

⚠ Purpose & Capability

The description says it creates cron jobs and logs to markdown, which aligns with some files, but the scripts depend on a local project (cd /home/julian/clawdbot) and run 'npx tsx src/index.ts cron add' to create jobs and deliver messages via Telegram to a hardcoded recipient. The manifest declared only 'bash' and 'date' as required binaries; 'npx', 'tsx', and 'jq' are required by the scripts but not declared. Requiring a local Clawdbot repo and an external delivery channel is beyond the simple "cron + markdown" description and is not justified in the metadata.

⚠ Instruction Scope

SKILL.md instructs the agent to run the included scripts which read/write /home/julian/clawd/reminders.md and invoke the Clawdbot CLI (via npx) to deliver messages over Telegram to a fixed id (6636746252). The check-reminders.sh script expects unchecked items formatted as '- [ ] ...' and marks them '[x]', but create-reminder.sh and create-recurring.sh log entries as '- [scheduled]' and '- [recurring]', so the check script will not detect or mark those entries—an operational inconsistency. The scripts thus (a) modify user files in a hardcoded home path, (b) invoke a local JS tool with network/external-delivery side effects, and (c) will likely not work as intended due to inconsistent log formats.

ℹ Install Mechanism

There is no declared install spec (instruction-only), which is lower risk in isolation. However, the bundled scripts assume a node/npm environment ('npx', 'tsx') and 'jq' are available and that a local project exists at /home/julian/clawdbot. Those implicit dependencies increase runtime risk because arbitrary JavaScript code will be executed via npx from that repo (or will fail if absent).

⚠ Credentials

The skill declares no required environment variables or credentials but calls into a local Clawdbot command that delivers messages to Telegram (--channel telegram --to 6636746252). That implies the Clawdbot project must have credentials/config for delivery; those secrets are not declared. The hardcoded recipient ID means reminder content will be sent to a fixed external target (possible data leakage). No justification is provided for these credentials/targets in the SKILL.md.

ℹ Persistence & Privilege

always:false (normal) and the skill does not request system-wide privileges or modify other skills. It does, however, write to and edit a hardcoded file path (/home/julian/clawd/reminders.md) and assumes a particular user's directory layout; this limit of scope reduces broad privilege but makes the skill brittle and user-specific.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install remind-me-2-1-0
安装完成后，直接呼叫该 Skill 的名称或使用 /remind-me-2-1-0 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of Remind Me skill: set natural language reminders. - Supports both one-time and recurring reminders via cron jobs. - Logs all reminders to a markdown file for easy tracking. - Understands both relative ("in 2 hours") and absolute ("tomorrow at 3pm") time formats. - Provides manual commands to list, view, and remove reminders.

元数据

Slug remind-me-2-1-0

版本 1.0.0

许可证 —

累计安装 21

当前安装数 20

历史版本数 1

常见问题

Remind Me 2.1.0 是什么？

Set reminders using natural language. Automatically creates one-time cron jobs and logs to markdown. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2952 次。

如何安装 Remind Me 2.1.0？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install remind-me-2-1-0」即可一键安装，无需额外配置。

Remind Me 2.1.0 是免费的吗？

是的，Remind Me 2.1.0 完全免费（开源免费），可自由下载、安装和使用。

Remind Me 2.1.0 支持哪些平台？

Remind Me 2.1.0 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Remind Me 2.1.0？

由 Lougazi（@loui1979）开发并维护，当前版本 v1.0.0。