Decision Journal
Security checks across malware telemetry and agentic risk
Overview
This appears to be a benign local decision journal, with the main consideration that it keeps potentially sensitive decision records on your computer.
This skill looks coherent for local decision journaling. Before installing or using it, remember that entries may include sensitive work or personal information and are stored under ~/.openclaw/decisions; inspect the included code if provenance matters to you, and manage or delete the local journal files when appropriate.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your decision history may remain on disk and be reused in future reviews, analysis, reminders, or exports.
The skill explicitly keeps persistent local decision records, reviews, derived patterns, and an index; these may contain sensitive personal or professional reflections and can influence later analysis.
Decisions are stored in: ~/.openclaw/decisions/ ... decisions.jsonl ... reviews.jsonl ... patterns.json ... index.json
Only record information you are comfortable storing locally, and periodically review, back up, or delete ~/.openclaw/decisions if needed.
It is harder to independently verify the origin of the included code or how the CLI is intended to be installed.
The artifacts include runnable Node/CLI code, but the registry metadata does not provide a source repository, homepage, or install specification; this is a provenance/setup gap, not evidence of malicious behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill. Code file presence: 5 code file(s)
Review the included package files before using the CLI, and prefer an official source or repository if one becomes available.