ClawHub

OPC Journal Suite

v2.3.0

OPC200 User Journal Experience Suite - Personal growth tracking, memory management, and insight generation for One Person Companies. Use when: (1) recording...

0· 69·0 current·0 all-time
by@coidea
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (local journaling, insights, milestones, async tasks) matches the code and declared requirements. The only required config is an enable flag (opc_journal.enabled). There are no unrelated environment variables, cloud credentials, or unexpected binaries requested.
Instruction Scope
Runtime instructions and sub-skill docs consistently describe local-only operations (memory_search/read/write tools, filesystem paths under ~/.openclaw/customers/{customer_id}/...). The skill will read and write user-scoped files (journal entries, indexes, schedules). This is expected for a journaling tool but is a high-impact local capability (it can create/modify files in your home directory).
Install Mechanism
Registry shows no install spec (instruction-only), yet the package includes many code files and provides a 'clawhub install' command in SKILL.md. There is no evidence of downloads from arbitrary URLs or package installers in the provided content. The absence of an install spec is not inherently malicious but means installation behavior depends on external tooling (clawhub).
Credentials
The skill requests no environment variables or secrets and its config-driven behavior (storage paths, retention, cron schedules) is consistent with the described functionality. No unrelated credentials are requested.
Persistence & Privilege
The skill is not marked 'always:true' and requests only its own config flag. However the default platform behavior allows autonomous invocation (disable-model-invocation: false). The skill includes a cron scheduler feature (configurable) that can report scheduled triggers for local tasks — it does not appear to modify system crontabs or call external endpoints in the shown code, but autonomous invocation plus scheduled local triggers increases the potential blast radius if the agent is given wide autonomy.
Assessment
This package appears to do what it advertises: a local-first journaling and insight suite that reads/writes files under ~/.openclaw/customers/{customer_id}/ and runs local analyses. Before installing, consider: (1) Review and confirm any omitted files (29 files were truncated in the dump) to ensure no hidden network calls or uploads. (2) Be aware the skill can create and modify files in your home directory — back up important data or review storage paths in config.yml. (3) If you don't want the agent to invoke skills autonomously or run scheduled checks, disable autonomous invocation in your agent settings or turn off the cron_scheduler in config.yml. (4) If you plan to install via 'clawhub', verify clawhub's behavior and the source/release provenance. If you want higher assurance, request a full review of the omitted files for network I/O or unexpected subprocess usage.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dww7ktjtm748vhkqqf13ahd83z6z9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📔 Clawdis
Configopc_journal.enabled

Comments