OpenClaw Diary Core
Pass
Audited by ClawScan on May 10, 2026.
Overview
This diary skill appears purpose-aligned and not malicious, but it persistently stores personal diary content and can optionally sync it to Feishu.
This skill is reasonable for a journaling assistant, but treat it as a persistent memory system. Check the configured local diary path, review any identity/preference files it can read, and only enable Feishu sync if you are comfortable storing diary content in that account.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Personal thoughts, emotions, article discussions, and collaboration details may be saved long-term in local diary files.
The skill is designed to persistently record user thoughts, article discussions, and collaboration notes into diary files. This is central to the diary purpose, but it means casual personal content can become stored memory.
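The user sends an article or shares thoughts, tag is [陪读] ... Use the Edit tool to append at the end of the file ... If the file does not exist: use the Write tool to create a new file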
Install only if you want this kind of persistent journaling. Review the configured storage path and delete or edit diary entries if something sensitive is recorded.
The agent may use stored identity and preference information when responding or recording diary entries.
The skill can read local identity and preference files and use them to adapt interactions. This is purpose-aligned personalization, but those files may contain sensitive personal context.
If `user_identity.enabled` is true, use the Read tool to read the user identity files ... `{展开后的path}/identity.md` and `{展开后的path}/preferences.md`
Review the identity and preferences files before enabling this feature, and disable `user_identity.enabled` if you do not want the skill to use that context.
If Feishu sync is enabled, the agent can act through the configured Feishu app permissions to create or update diary documents.
Optional Feishu sync requires Feishu app credentials. This is expected for the integration and there is no evidence of hardcoded credentials or unrelated transmission, but it grants account-level integration capability.
export FEISHU_APP_ID="your_app_id" ... export FEISHU_APP_SECRET="your_app_secret"
Use the least-privileged Feishu app permissions available and avoid enabling Feishu sync unless you trust the workspace and storage destination.
When Feishu sync is enabled, a faulty update could replace existing diary document content if the agent does not preserve the prior content correctly.
The Feishu workflow can update a cloud document by overwriting its full contents after reading the existing content. This is disclosed and scoped to diary sync, but mistakes could overwrite a monthly diary document.
Use `mcp__feishu__docx_builtin_import` to update the document ... **Important**: this overwrites the entire document, so it must include the original content + new content
Keep Feishu sync disabled unless needed, maintain backups or version history, and verify the target document before relying on automatic updates.
