Decision Log
v1.0.2AI-powered decision journal for solopreneurs — capture decisions with context, rationale, and expected outcomes, then review them later to learn from what yo...
⭐ 0· 284·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name and description (decision journal / review / analysis) match the runtime instructions. All required actions (create decision files, update an INDEX.md, run reviews and analyses) are proportional to the stated goal. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
The SKILL.md instructs the agent to create, read, and update files under decisions/ and to prompt the user for outcomes and lessons — this is within scope. It also recommends automatic triggers (e.g., ask to log when user mentions spending money, when starting a project, or when adding a tool) and cross-checking with other agent skills (goal-tracker). Those behaviors grant the agent broad discretion to prompt and to create files automatically; this is expected for a journaling skill but may produce many prompts or create entries you didn't intend if the agent is configured to act autonomously. There are no instructions to read files or environment variables outside the decisions/ hierarchy.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is downloaded or written by an installer. This is the lowest-risk install profile.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The SKILL.md does not attempt to access secrets or other environment variables. All file access is local and limited to the decisions/ directory described in the instructions.
Persistence & Privilege
always is false (normal). disable-model-invocation is false (normal), meaning the agent can be invoked autonomously by default; combined with the recommended automatic triggers (spend-triggered logging, project-start detection, tool-adoption logging), this gives the skill practical autonomy to prompt and create files when the agent is running. This is a functional behavior of the skill, not a direct security flaw, but you should review agent-level autonomy settings if you don't want automatic logging.
Assessment
This skill is coherent and low-risk: it only asks the agent to create and read files under a decisions/ directory and to prompt you for outcomes. Before installing or enabling autonomous behavior, consider: (1) where decisions/ will live (local disk, repo, cloud sync) and whether you want potentially sensitive business details stored there; (2) whether you want the agent to run the automatic triggers — if not, disable autonomous invocation or remove those trigger instructions from your agent config; (3) never store secrets, credentials, or detailed competitor/customer PII in decision entries; and (4) back up or exclude the directory from any sync/publish workflows you don't control. If you want stronger guarantees, restrict the skill's write/read scope to a sandboxed directory and review agent prompts the first few times it runs.Like a lobster shell, security has layers — review code before you run it.
latestvk976pwxaxjy0f8d1nfgkhm90c582vx0v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.