Skill v0.1.1
ClawScan security
Morning · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 1, 2026, 8:11 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested actions (reading/writing journal files and calling the Brain MCP for tasks/projects) line up with its journaling/planning purpose; nothing in the package indicates hidden exfiltration or unrelated privileges.
- Guidance: This skill is coherent with its stated purpose, but check these practical points before installing: (1) Confirm your journal/inbox live at the relative paths the SKILL.md expects (../../journal/... and ../../inbox.md) so the agent will read/write the intended files. (2) The skill will update and append to your journal files automatically during the session ('No need to ask permission'), so if you prefer explicit consent before writes, request that the SKILL.md be changed to prompt before modifying files. (3) The skill calls your Brain MCP to list actions/projects — ensure your Brain MCP is configured and you are comfortable the agent can read that data. (4) Consider removing or restricting the 'Bash' tool from allowed-tools if you don't want the agent to run arbitrary shell commands; the skill's behavior appears achievable with Read/Edit/Write/Grep/Glob alone. (5) Test the skill in a safe environment or back up your journal files before first run to verify it edits files the way you expect.
Review Dimensions
- Purpose & Capability (ok): The name/description match the runtime instructions: the skill reads yesterday/today journal files, an annual goals file, inbox.md, and calls Brain MCP listActions/listProjects to surface tasks and projects. These file reads/writes and MCP calls are expected for a journaling/planning skill.
- Instruction Scope (note): Instructions explicitly direct reading/writing specific relative files (../../journal/YYYY/..., ../../inbox.md), scanning journal directories for decisions, and updating journal files throughout the day (appending timestamped Log entries). This behavior is coherent for a journaling skill but notable because the skill will append/write to files without asking the user each time ('No need to ask permission — keep the conversation flowing'). If you want interactive consent before edits, the SKILL.md should be changed to require AskUserQuestion confirmations before write operations.
- Install Mechanism (ok): No install spec and no code files beyond SKILL.md/README/package.json — this is instruction-only and the lowest-risk install profile (nothing is downloaded or executed outside the agent runtime).
- Credentials (ok): The skill requests no environment variables or external credentials. It does require that the OpenClaw environment have the Brain MCP configured (the README notes this). That requirement is proportionate to calling mcp__claude_ai_Actions_Team__listActions and listProjects.
- Persistence & Privilege (ok): always is false and the skill is user-invocable; autonomous invocation is allowed but that is the platform default. The skill does not request system-wide config changes or cross-skill credentials. One small note: allowed-tools includes 'Bash' in addition to Read/Edit/Write/Grep/Glob; the instructions do not require arbitrary shell execution, so including Bash increases the agent's ability to run shell commands beyond what's necessary for journaling and could be tightened.
