Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dev Chronicle

v1.0.1

Generate narrative chronicles of developer work from git history, session transcripts, and memory files. Use when the user asks "what did I do today/this wee...

by Samuel Ballesteros (@sssamuelll)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's purpose (generate narratives from git, memory, and sessions) aligns with what it reads and requires: git repositories, memory files, and session transcripts. Minor mismatch: registry metadata lists no required binaries, but the README/script clearly expect git and python3 to be available.
Instruction Scope
Runtime instructions and the gather.sh script stay within the declared scope: they scan configured project directories for .git folders, cat memory YYYY-MM-DD.md files, and list session JSONL metadata. These actions will expose potentially sensitive local data (agent session transcripts and memory) — which is expected for this skill but worth noting.
Install Mechanism
No install spec; the skill is instruction-only with a bundled shell script. Nothing is downloaded or written outside its own skill directory except the config.json it creates inside the skill folder.
Credentials
The skill requests no environment variables or external credentials (consistent with the manifest). However it auto-detects and reads local OpenClaw/OpenClaw-like memory and session directories (~/.openclaw and ~/.claude candidates). Access to these local files is proportional to its purpose but can disclose sensitive chat history and memory — users should be aware.
Persistence & Privilege
always:false and normal autonomous invocation. The only persistent write described is creating a config.json inside the skill directory; the skill does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: it runs a local gather script to read git logs, your memory files, and session transcripts and then generates narrative chronicle text. Things to consider before installing: (1) it will read local OpenClaw memory and session files (these can contain private chat history or secrets) — review and possibly restrict projectDirs, memoryDir, and sessionsDir in the config before first run; (2) the script uses git and python3, so ensure those binaries are available (the registry metadata omits them but README/script expect them); (3) the gather output prints memory file contents — if you want to avoid exposing particular sessions, move or redact them first; (4) because there is no network install or external endpoints in the files, the blast radius is local only, but review the script yourself or run it in a sandbox if you have strong privacy concerns.

Like a lobster shell, security has layers — review code before you run it.
