Skill v1.0.0
ClawScan security
Daily Diary · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 2:11 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are consistent with an automated, local daily-diary generator: it only needs access to conversation history and a ~/diary/ path and does not ask for unrelated credentials or installs.
- Guidance: This skill appears coherent and focused on generating local diary drafts, but review these practical points before installing:
  - Data access: the skill scans 'today's conversation records' and may read persona files (MEMORY.md, USER.md, SOUL.md, IDENTITY.md, AGENTS.md). Make sure you are comfortable with the agent accessing those files and check them for any secrets before enabling the skill.
  - Sensitive-data filtering: the SKILL.md requires removing API keys, passwords, connection strings, SSH keys, .env content, etc. Confirm the platform's implementation actually enforces that filtering or consider double-checking drafts before saving.
  - Delivery channels and cron example: the provided cron/jobs.json shows delivery via a channel (e.g., feishu). If you enable scheduled pushes, verify what channel/recipient IDs are configured and that sending drafts to a group or external channel is intended. The skill itself doesn't request Feishu credentials, but your platform/channel configuration may cause network transmission; review that separately.
  - Storage & access control: diaries are stored under ~/diary/ in plaintext per the spec. If you need encryption or tighter access controls, implement them (or disable automated saves) before use.
  - Confirm limits: ensure the agent cannot access ~/.ssh, ~/.aws, ~/.config, .env, or credential files as claimed; if platform policies allow broader file access, restrict them.

  If these items are acceptable and you trust the host environment's channel configuration and file permissions, the skill is consistent with its purpose. If you have stricter privacy requirements, disable automated scheduling and review each draft manually before saving or pushing.
Review Dimensions
- Purpose & Capability (ok): The name/description (generate daily diary from conversations) aligns with the runtime instructions (scan today's conversations, extract topics/decisions/insights, generate a draft, prompt user, save to ~/diary/). No unexpected binaries, env vars, or unrelated capabilities are requested.
- Instruction Scope (note): Instructions explicitly tell the agent to scan 'today's all conversation records' and may read persona files (MEMORY.md, USER.md, SOUL.md, IDENTITY.md, AGENTS.md) to match voice. The skill also instructs writing to ~/diary/. These actions are reasonable for the stated purpose, but they mean the agent will access a broad set of personal content. The SKILL.md includes explicit sensitive-data filtering rules and forbids reading ~/.ssh, ~/.aws, ~/.config, .env and credential files, which reduces risk. Confirm the platform enforces those access limits and the filtering is effective.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing is written to disk beyond the diary files the skill itself creates. This is the lowest-risk install model.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. Its declared data needs (conversation history and local persona files) are proportionate to the diary-generation purpose. No unrelated secrets are requested.
- Persistence & Privilege (ok): 'always' is false and the skill does not request persistent, platform-wide privileges. It writes only under ~/diary/ per instructions and states it will not modify other files or other skills' configs.
