Skill v1.0.0

ClawScan security

Daily Journal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 4:01 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is internally consistent: it implements a local, file-based journaling tool that reads/writes files under a user directory and does not request external credentials or network access.
Guidance
This skill appears to do exactly what it says: a local journal stored at ~/.journal (or $JOURNAL_DIR). Before installing, review the script (it's included) and be aware it will create and write files in your home folder. There are no network calls or credential requirements. If you will store sensitive personal data, consider encrypting backups or choosing a secure directory. Note: there are minor bugs/rough edges in the script (e.g., a shell arithmetic expression in stats and some awkward date handling) which are functional issues rather than security risks.

Review Dimensions

Purpose & Capability
note: The script implements the stated journaling features (write, view, search, mood, gratitude, export, etc.) and stores data in a local directory (default $HOME/.journal). Minor mismatch: SKILL.md lists runtime: python3 while the main executable is a bash script that calls python3 for a few subcommands — not dangerous but slightly inconsistent.
Instruction Scope
ok: Runtime instructions and the included script operate only on local files in the configurable JOURNAL_DIR (default ~/.journal). The skill does not read unrelated system files, environment secrets, or send data to external endpoints.
Install Mechanism
ok: No install spec or external downloads are used; the skill is instruction-only with an included shell script. Nothing in the manifest pulls remote code or archives.
Credentials
ok: No required environment variables or credentials are declared. The script optionally honors JOURNAL_DIR to change storage location — a proportional and reasonable config option for this purpose.
Persistence & Privilege
ok: The skill does not request permanent/global privileges (always is false). It creates and writes files only under the user's journal directory and does not modify other skills or global agent settings.