Is 421zuoduan/lifelog safe?

https://github.com/openclaw/skills/tree/main/skills/421zuoduan/lifelog

92
SAFE

This is a legitimate life logging skill that automatically records daily activities to Notion with intelligent date recognition and LLM-powered analysis. The skill performs exactly as described with no malicious behavior detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

INFO Contains executable shell scripts -15

The skill includes three bash scripts (lifelog-append.sh, lifelog-daily-summary-v5.sh, lifelog-update.sh) that execute shell commands and make HTTP API calls. This is necessary for the core functionality but represents executable code.

LOW Sends personal data to external service -10

The skill sends user's personal life log data to Notion's servers via API calls. While this is the intended functionality, users should be aware that personal information leaves their local environment.

INFO Requires user API credential configuration -15

The skill requires users to manually configure their own Notion API keys and database IDs in the script files. This is good security practice but requires user setup.