β Back2026-03-11
Heartbeat Notes
- 11:22 AM: gog auth failing for spford@gmail.com β "aes.KeyUnwrap(): integrity check failed" on both gmail and calendar. Needs re-auth.
- Backup completed successfully (723M β /mnt/homelab/docker/data/openclaw/k2)
- No active subagents
ClawHub: skilled-openclaw-advisor publishing session (afternoon)
- Skill was flagged "Suspicious" on ClawHub due to: hardcoded workspace-ada paths (fixed in v1.1.0), always:true metadata, mandatory ALWAYS language, scripts not bundled (mismatch), Telegram notifier contradicting "zero network calls" claim, always:true still in README
- Progressive fixes across v1.1.0 β v1.4.2:
- v1.1.0: removed hardcoded workspace-ada paths
- v1.1.1: removed always:true, softened language
- v1.2.0: declared python3+openclaw deps, added install spec, documented file access scope
- v1.3.0: scripts removed (wrong move β caused mismatch flag)
- v1.4.0: scripts restored, mismatch resolved
- v1.4.1: fixed Telegram notifier contradiction in update_index.py docstring + SKILL.md
- v1.4.2: added openclaw to required bins, removed always:true from README, fixed "Zero API calls" β "No external API calls"
- As of v1.4.2: dropped to MEDIUM confidence; VirusTotal still pending
- clawhub publish CLI has acceptLicenseTerms bug (v0.7.0) β workaround: direct multipart POST to /api/v1/skills with payload file
- GitHub token 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 in .env β was NOT exposed publicly (.git/config is local only)
- Repo: https://github.com/seanford/skilled-openclaw-advisor