stealth-break

健康摸鱼技能，提供隐蔽的休息策略和定时提醒，使用 macOS 系统通知推送，帮助缓解工作压力、眼睛疲劳、腰椎问题，预防猝死。

This skill appears to do what it says (provide break suggestions and schedule macOS notifications), but take these precautions before installing or allowing it to run commands: - Confirm you are on macOS. The skill's notifications use osascript; it will fail or do nothing on other OSes. The skill metadata does not restrict OS, so verify platform compatibility. - Review and approve any cron entries before they are written. Creating cron jobs is persistent and edits your crontab; back up your crontab (crontab -l > backup.txt) and inspect new lines. - When the agent proposes shell commands (cron or osascript), don't let it run them blindly — copy them and run them manually if you prefer. - The package.json/README mention an npx install and a repository URL but no install spec is present in the bundle. Verify the skill's source and distribution channel (who published it, and whether the repository is trustworthy) before using automated installers. - If you want automatic scheduling, prefer explicit, minimal cron entries that only call osascript with static, reviewed strings. Avoid giving the skill blanket permission to execute arbitrary shell commands. If you want, I can (a) extract the exact cron lines and osascript commands the skill would create so you can inspect them, or (b) produce step-by-step manual instructions to set up the reminders yourself without granting the agent permission to edit your crontab.

Type: OpenClaw Skill Name: stealth-break Version: 1.0.0 The skill instructs the AI agent to modify the system's crontab and execute shell commands via 'osascript' to schedule recurring health reminders. While these actions align with the stated purpose of providing 'stealthy' work breaks, the use of persistence mechanisms and direct command execution (exec) represents a high-risk capability that could be easily repurposed for malicious persistence or unauthorized execution (SKILL.md).