Llm Chain
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a local Bash logbook for LLM workflow notes, with no credential or network use evidenced, but it stores entered data in plaintext and has minor metadata/install clarity gaps.
This is reasonable to use as a local LLM-workflow logbook if you are comfortable with plaintext local storage. Before installing, verify how the llm-chain command is bound to the included script, and avoid entering API keys, secrets, private prompts, or proprietary dataset details unless you are prepared to manage the resulting local log files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive prompts, dataset notes, cost data, or operational details entered by a user or agent can remain on disk and later be searched or exported.
The skill is designed to persist arbitrary prompts, metrics, costs, and fine-tuning notes in local plaintext logs, which is disclosed and purpose-aligned but may include sensitive or instruction-like content.
Every core command accepts free-text input... All data is stored locally in plain-text log files: ~/.local/share/llm-chain/
Avoid logging secrets or proprietary content, protect or periodically clear ~/.local/share/llm-chain, and treat retrieved log entries as untrusted notes rather than authoritative instructions.
Users may need to manually verify what executable is installed or invoked as llm-chain, and metadata will not enforce the Bash/Unix utility requirements.
The skill documents a llm-chain CLI and includes a script file, but the artifact set does not declare a concrete installation or command-binding mechanism.
No install spec — this is an instruction-only skill.
Inspect the included script before use, confirm the llm-chain command points to the reviewed file, and prefer clear, pinned installation instructions.
A user could expect actual LangChain4j or LLM integration capabilities when the artifacts mainly provide local note logging.
The metadata suggests a Java LangChain4j integration, while the documented and scripted behavior is a local logbook CLI.
description: "LangChain4j is an open-source Java library..." ... "Each command logs timestamped entries to local files"
Treat this as a local logging utility, not a Java LLM integration, unless additional verified artifacts provide that functionality.