agent-chronicle

Advisory

Audited by VirusTotal on Apr 14, 2026.

Overview

Type: OpenClaw Skill
Name: marjorie-agent-chronicle
Version: 1.0.0

The agent-chronicle skill is a functional tool designed to generate reflective diary entries for AI agents by analyzing session logs. It uses the SkillBoss API Hub (api.heybossai.com) for AI generation, a dependency clearly disclosed in SKILL.md and README.md. The Python scripts (generate.py, export.py, setup.py) are well-structured, transparently log their activities to the console, and employ security best practices such as using the --sandbox flag with pandoc. No evidence of malicious intent, unauthorized data exfiltration, or prompt injection was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private session notes, quotes, decisions, and relationship notes may become part of generated diary content and future memory context.

Why it was flagged

The generator loads local daily memory logs and persistent diary-related files as context for new diary entries.

Skill content

today_log = load_session_log(date_str, workspace)
recent_sessions = load_recent_sessions(workspace, days=2)
persistent_files = load_persistent_files(workspace)

Recommendation

Review what is stored under memory/ before generating entries, and disable memory integration if you do not want diary summaries reused later.

What this means

Local memory context used for diary generation can leave the workspace and be processed by the external SkillBoss service.

Why it was flagged

The skill sends the assembled diary-generation prompt to the SkillBoss API Hub endpoint.

Skill content

API_BASE = "https://api.heybossai.com/v1"
requests.post(
        f"{API_BASE}/pilot"

Recommendation

Use this only if you are comfortable sending the selected memory context to SkillBoss; consider interactive or stdin modes for more control.

What this means

Anyone running AI generation must provide a provider API key, which grants access according to that provider account's permissions.

Why it was flagged

The script uses a SkillBoss bearer token to access the external generation API.

Skill content

SKILLBOSS_API_KEY = os.environ.get("SKILLBOSS_API_KEY", "")
headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}"

Recommendation

Use a dedicated, scoped API key if available, and do not place the key in shared logs or committed configuration.

What this means

Installers or users relying only on registry metadata may not realize the skill needs Python and an external API key.

Why it was flagged

The skill itself declares python3 and SKILLBOSS_API_KEY requirements, while the registry metadata supplied for review lists no required binaries or environment variables.

Skill content

metadata: {"skillboss":{"requires":{"bins":["python3"],"env":["SKILLBOSS_API_KEY"]

Recommendation

Check SKILL.md and README setup requirements before use, and ensure the registry metadata is corrected.

What this means

If enabled, diary generation may occur as part of a recurring automation flow rather than only on direct command.

Why it was flagged

The setup flow includes an optional automation setting for heartbeat-based generation, defaulting to disabled.

Skill content

config["auto_generate"] = ask_yes_no("Auto-generate diary entries on heartbeat?", False)

Recommendation

Leave auto-generation off unless you explicitly want recurring diary entries and understand what memory context will be used.