Skill v1.0.0

ClawScan security

DiaryBeast App · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 10, 2026, 5:57 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is mostly coherent for a web3 'virtual pet' dapp, but a few unexplained or risky details (wallet-signing ambiguity, plaintext token persistence, and a stray package.json) warrant caution before installing.
Guidance
This skill appears to do what it says (connect to diarybeast.xyz, get a magic link, post diary entries), but take these precautions: (1) Do NOT paste or store wallet private keys — the skill should only use an external wallet or manual signing flow. (2) Be aware the auth bearer token is saved unencrypted under ~/.openclaw/workspace/skills/diarybeast/. If you enable automated/daily runs, consider rotating or limiting that token and restricting filesystem permissions. (3) Confirm the homepage (https://diarybeast.xyz) and the service's trustworthiness before authenticating or publishing content publicly (The Wall is public). (4) The presence of a package.json with no associated code is odd — ask the publisher for provenance if you require higher assurance. If you need the agent to interact with this app but want to minimize risk, use manual signing (open the magic link and complete actions in a browser) rather than giving the agent stored credentials or automating daily runs.

Review Dimensions

Purpose & Capability
note
The SKILL.md describes a web3 pet/diary app and the instructions use curl/open to talk to diarybeast.xyz — this aligns with the stated purpose. The metadata asks for the exec tool, which is needed to run curl/open. One oddity: a package.json exists in the package manifest despite the skill being instruction-only and having no code files; that is unexplained but not necessarily malicious.
Instruction Scope
concern
Runtime instructions tell the agent to: sign a nonce with 'your wallet', POST auth to the dapp, save the returned bearer token and address to ~/.openclaw/workspace/skills/diarybeast/.token and .address, run daily curl commands, and optionally publish entries publicly. The flow is reasonable for a dapp, but the signing step is vague (it doesn't state how signing should be performed), which could lead an agent or user to attempt to access private keys or secrets. The instructions also persist an unencrypted token on disk and recommend daily automated runs; that creates a local sensitive artifact and potential for misuse.
Install Mechanism
ok
There is no install spec and no code files to write to disk — the skill is instruction-only, which is low-risk. The presence of package.json in the manifest is inconsistent with 'no code', but there is no download/extract or third-party install step described.
Credentials
note
The skill requests no environment variables or external credentials, which is appropriate. However, it asks you to sign with your wallet (standard for web3) and to store the returned bearer token in plaintext under your home workspace; storing bearer tokens unencrypted is a proportionality/privacy concern and should be considered before enabling automated runs.
Persistence & Privilege
note
The skill is not marked 'always:true' and is user-invocable. disableModelInvocation is not set (so the model could call it if permitted), and metadata includes exec permission — that combination allows the agent to run shell commands when the skill is invoked. This is expected for a curl-based skill but increases potential impact if authorization tokens are present on disk.