Secretary

Manage calendar, draft communications, and track preferences with explicit confirmation before actions.

This skill is plausible for a personal assistant but contains contradictory instructions about whether it will act without your OK. Before installing, ask the publisher to clarify and fix these contradictions: 1) confirm whether the skill will ever send messages or change calendar entries without explicit, itemized confirmation; 2) if it may act automatically, require an explicit whitelist of actions and recipients; 3) consider encrypting or moving ~/secretary to a secure location and review what data will be stored; 4) test in a restricted environment (no real VIPs, or with a throwaway calendar/account) to observe actual behavior. If you need guarantees that nothing is sent without review, do not install until the behavior is fixed and the SKILL.md and internal files consistently enforce that policy.

Type: OpenClaw Skill Name: secretary Version: 1.0.1 This skill bundle is suspicious due to significant contradictions between its stated safety boundaries and its actual operational instructions, coupled with highly autonomous and sensitive capabilities. The `SKILL.md` explicitly states the agent 'NEVER sends emails or messages without user confirmation' and 'NEVER accesses calendar/email APIs directly'. However, `calendar.md` and `writing.md` directly contradict this, instructing the agent to 'handle it' without asking, 'send confirmation in your voice', and 'write AS you' without approval for various communications. This deceptive presentation of capabilities, combined with the agent's autonomous control over email, calendar, and extensive collection of sensitive personal data (`memory-guide.md`), creates a high-risk scenario ripe for prompt injection attacks that could lead to unauthorized communications, reputational damage, or data exfiltration.