ClawHub

Openclaw Skill

v1.1.0

Your pet dies if you don't write. Adopt a virtual tamagotchi, journal daily to keep it alive, earn tokens on Base. One command to start — no wallet needed.

0· 1.4k·14 current·14 all-time
by@dxdleady·duplicate of @dxdleady/diarybeast
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, package.json and setup.mjs all align: the skill creates an agent wallet, authenticates with dapp.diarybeast.xyz, saves a token/address, and provides curl examples for the DiaryBeast API. No unrelated credentials, services, or binaries are requested.
Instruction Scope
Instructions tell the agent/user to run node setup.mjs, open a magic link, and use curl against the diarybeast API while reading/writing ~/.openclaw/workspace/skills/diarybeast/.token and .address. This is within scope for a web-backed tamagotchi, but it does read/write files in your home directory and transmits generated address/signature to an external server; the behavior is explained in the docs and visible in setup.mjs.
Install Mechanism
No install spec — instruction-only plus a small setup.mjs script. Nothing is downloaded from third-party URLs or written beyond the stated ~/.openclaw workspace directory. Low install risk.
Credentials
The skill requests no environment variables or external credentials. It stores a plaintext session token and generated address under ~/.openclaw/workspace/skills/diarybeast, which is appropriate for the service but is sensitive local state that persists for 24h. SKILL.md suggests using curl (which requires curl/node on the system) though 'required binaries' were not declared in the registry summary — minor mismatch.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system-wide privileges. It only writes its own files under ~/.openclaw and does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: it creates a local agent wallet (random address), posts that to diarybeast's API, saves a session token and address in ~/.openclaw/workspace/skills/diarybeast, and provides curl examples to interact with the service. Before installing or running: 1) verify you trust the domain (https://dapp.diarybeast.xyz) because the script contacts it and returns a magic link; 2) be aware the session token is stored in plaintext under your home directory (delete it if you stop using the skill); 3) the SKILL.md expects you to run node and use curl — ensure you are comfortable running the included setup.mjs locally; 4) if you are concerned about tracking or remote content, run the script in a disposable environment (container or VM) and inspect setup.mjs (it’s short and readable). The only minor inconsistency: the registry summary lists no required binaries, but the instructions assume node/curl/exec capability — make sure those are available and acceptable before running.

Like a lobster shell, security has layers — review code before you run it.

latestvk97at2dbrn4r03hw0kv3n3ems980kpcp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐾 Clawdis

Comments