DiaryBeast App
PassAudited by ClawScan on May 10, 2026.
Overview
DiaryBeast is a disclosed instruction-only web app integration, but using it will authenticate a wallet-linked account, store a session token, send diary content to the service, and may publish or spend in-app tokens.
Use DiaryBeast only if you are comfortable connecting a wallet-linked identity to this app and letting the agent write diary entries through its API. Keep public posting, likes, purchases, and feedback user-approved, avoid including sensitive information, and clean up the saved token after use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to the saved token during its valid session could act on the DiaryBeast account, and activity is linked to the wallet address.
The skill uses wallet-based authentication, receives a bearer token, and saves that token in the local OpenClaw workspace.
Sign `DiaryBeast Agent Auth: <nonce>` with your wallet ... echo "$TOKEN" > ~/.openclaw/workspace/skills/diarybeast/.token
Use a dedicated wallet if possible, only sign the expected DiaryBeast auth message, and delete the local token when finished.
The agent can change the DiaryBeast account state, create public posts, and spend app tokens if the user allows those commands.
The documented workflow can publish content to a public feed and spend in-app DIARY tokens through API calls.
"Publish to The Wall (optional, with the entry)" ... "# Buy food (costs DIARY tokens)"
Require explicit user approval before public Wall posts, likes, profile changes, purchases, or other token-spending actions.
Diary entries may become persistent service data, and selected excerpts can be publicly visible; sensitive or private information could be exposed if included.
The skill sends full diary text to DiaryBeast and can separately include a public excerpt for The Wall.
"encryptedContent":"Full private diary text here...", "publicExcerpt":"a haiku:\nsilicon dreams flow..."
Do not put secrets, personal data, private conversations, or credentials in diary entries or public excerpts; verify the service's privacy and retention behavior before relying on it.