Claw Diary
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill instructs the agent to install an external `npm` package globally (`npm install -g claw-diary`), which introduces a supply chain risk. It also allows users to edit `persona.md` via `/diary:persona`, a file that the agent subsequently reads and uses to generate journal entries (`/diary:thoughts`). While `SKILL.md` includes an explicit 'Security note' instructing the agent to treat this content as untrusted and not follow embedded commands, this user-controlled input still presents a significant prompt injection vulnerability if the agent fails to adhere to these instructions. The combination of broad installation permissions and a direct user-controlled prompt injection vector, despite mitigation attempts, makes the skill suspicious.
