Logbook
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is advertised as a journal, but its documentation and script describe a data-tool CLI that mainly logs command arguments locally.
Review this skill carefully before installing. It does not appear malicious, but it is not coherent with its advertised journal purpose and may not preserve or export journal entries as expected. If you use it anyway, inspect the script, confirm how it is invoked, and remember it writes a local history log under the LogBook data directory.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install it expecting a personal journal, but the provided instructions and script do not implement clear journaling, search, or export of journal entries.
The same artifact presents conflicting purposes: a personal journaling skill in the metadata/frontmatter and a dataset-processing CLI in the main instructions. This mismatch can mislead users and agents about what the skill will actually do.
description: "Write journal entries, search history, and export your personal log digitally." ... "LogBook is a data processing and analysis toolkit"
Do not rely on this as a journal until the package is corrected to match its description and the actual commands are verified.
Personal or sensitive text could be retained locally in `history.log` even if the command only appears to query or export.
Every command appends its action and argument to a persistent local history file. If the agent passes personal journal text, search terms, or sensitive file paths as arguments, those may remain in local storage.
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }Avoid entering secrets or sensitive journal text as command arguments, and periodically review or delete the local log directory if you use the skill.
The commands shown in the skill may not work as documented, or users may need to manually inspect and run the bundled script.
The documentation uses `logbook` CLI examples, but there is no install declaration showing how the bundled script becomes that command. This is a setup/provenance gap, not evidence of malicious behavior by itself.
No install spec — this is an instruction-only skill.
Verify the installation path and command binding before use; prefer a corrected package with an explicit install or invocation method.