Skill v1.1.2

ClawScan security

Diary Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 9:33 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared actions (search diaries, read session archives, export conversations, and clean checkpoints) match the files and config paths it requests, but installing an npm package globally and granting read-write access to all agent session directories are sensitive operations you should review before installing.
Guidance: This skill is coherent with its stated purpose, but take these precautionary steps before installing:
- Inspect the npm package and its GitHub repo (authors, recent commits, install scripts) before running npm install -g.
- Prefer a local or isolated install (or review the package code) rather than a global install if you have doubts.
- Back up ~/.openclaw/agents/*/sessions and ~/.openclaw/memory before enabling the plugin, since it can read and (with cleanup enabled) delete checkpoint files.
- Confirm that you want a plugin that can read all agent session histories and write exports; this exposes conversation data, so limit access if needed.
- After installation, verify the export storage path and the automated cleanup policy (3-day expiry) to ensure they match your expectations.
- If you need higher assurance, ask the developer for a signed release or audit the package contents locally before enabling it in your gateway.

Review Dimensions

Purpose & Capability
ok: The name/description (diary & session search, exports, cron run logs) aligns with the filesystem paths and config it requests: reading diary memory, reading archived sessions, writing export files, and reading cron logs. The install via npm is consistent with a JS-based OpenClaw plugin.
Instruction Scope
note: SKILL.md instructions stay within the stated purpose (search, list, export, cleanup). It explicitly asks the user to add the npm global install path to ~/.openclaw/openclaw.json and restart the gateway, a normal install step but one that changes agent configuration. It also documents deletion (diary_cleanup) and states a confirm/dry-run workflow, which is good. Minor inconsistency: the export path is described as {工作区}/memory/exports (工作区 is Chinese for "workspace") in the prose, while the metadata lists ~/.openclaw/memory/exports.
Install Mechanism
note: Install spec uses npm package 'diary-search' (and a ClawHub slug). Installing an npm package globally (npm install -g) may run package install scripts and places code on disk; this is expected for a plugin but carries the usual npm risk, so inspect the package and maintainers before a global install. No obscure download URLs are used.
Credentials
concern: No environment variables or external credentials are requested (good). However, the plugin requests read access to all agent session directories (~/.openclaw/agents/*/sessions) and read-write access there to perform checkpoint cleanup. That level of access is functionally justified for a cross-agent search/cleanup tool but is sensitive (it can read full conversation history and delete backups). Confirm that you want a plugin to access all agents' histories.
Persistence & Privilege
ok: 'always' is false and autonomous invocation is allowed (platform default). The install modifies OpenClaw plugin load paths per the instructions, which is normal for adding a plugin. The skill does not request global 'always' or system-wide privileged settings beyond updating OpenClaw's plugin paths.