Mini Diary
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
This skill looks reasonable for a local Markdown diary. Before using it, decide where your diary file should live, protect that file like other private notes, and do not enable NextCloud sync unless you are comfortable with the target account and sharing settings. Be especially careful with the documented sudo chown and docker commands for NextCloud troubleshooting. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your personal or work diary entries will remain on disk and may be readable by anyone or any process with access to that file.
The script persistently writes user-provided diary entries to a Markdown file in the user's home directory by default.
DEFAULT_DIARY="$HOME/diary.md" ... echo "- $note_content $tags" >> "$DIARY_FILE"
Use a diary path with appropriate file permissions, avoid storing secrets in diary entries, and consider backups or encryption if entries are sensitive.
If you set NEXTCLOUD_SYNC_DIR, private diary content may be copied into a cloud-synced location and become accessible through that NextCloud account or shared folder.
When the optional NextCloud sync directory is configured, the script copies the diary file to that directory, which may then be synchronized outside the local machine.
if [ -n "$NEXTCLOUD_SYNC_DIR" ]; then ... cp "$DIARY_FILE" "$NEXTCLOUD_SYNC_DIR/"
Only set NEXTCLOUD_SYNC_DIR to a trusted folder, review NextCloud sharing permissions, and leave it unset if you want the diary to stay local.
Running the command with the wrong path could change ownership of unintended files or affect a NextCloud installation.
The documentation includes a user-directed recursive privileged ownership change for NextCloud troubleshooting.
sudo chown -R www-data:www-data /path/to/nextcloud/diary/
Run privileged NextCloud commands only if you understand the path and container target, and prefer checking ownership with ls before making recursive changes.
If run manually, the installer modifies local OpenClaw skill files and writes a diary template in your home directory.
A manual installer is included that copies package files into the OpenClaw skills directory, makes scripts executable, and creates a default diary file.
cp -r ./* "$INSTALL_DIR/" ... chmod 755 "$script" ... cp "$INSTALL_DIR/templates/diary_template.md" "$DEFAULT_DIARY"
Prefer the normal ClawHub install flow when available, and inspect or run the installer only from a trusted checkout.