Openclaw Diary Setup
Warn
Audited by ClawScan on May 10, 2026.
Overview
This diary setup is mostly aligned with creating a journal system, but it also documents broad credential use, persistent memory import, shell-profile changes, and runtime installation of other tools/skills without tight scoping.
Install only if you are comfortable with a diary setup that may install additional tools/skills, store credentials or auth files locally, and import broad personal/work data into persistent AI memory. Prefer the local-only path, review every requested provider authorization, avoid using broad tokens, and ask for explicit confirmation before any npm install, skill install, shell-profile edit, or all-source import.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running setup could modify the user's local agent and Node environment by installing remote packages or skills the user has not separately reviewed.
The instruction-only skill can install a global npm package and additional OpenClaw skills at runtime, with no pinned versions or reviewed install spec shown.
if ! command -v clawhub ... npm install -g clawhub ... clawhub install openclaw-diary-core ... clawhub install openclaw-diary-insights
Require explicit confirmation before installation, declare these dependencies in metadata/install specs, pin versions or trusted sources, and offer manual install instructions.
Service credentials could remain available in future shells and be inherited by unrelated local processes.
The setup design instructs Bash edits to persistent shell startup files, including writing secret values, and then reloads those files, without showing rollback or safer credential storage.
echo 'export FEISHU_APP_ID="xxx"' >> "$RC_FILE"
echo 'export FEISHU_APP_SECRET="xxx"' >> "$RC_FILE"
source "$RC_FILE"
Use a scoped credential store or OpenClaw secret mechanism, avoid appending secrets to shell profiles by default, and ask the user before persistent environment changes.
Granting these credentials could expose email, cloud documents, workspace messages, repositories, and social accounts to the diary/import pipeline.
The importer guide requests access credentials for many personal and workplace services, but the artifacts do not define least-privilege scopes or clear limits for each account.
| Gmail | google-workspace-mcp | OAuth |
| Google Docs | google-workspace-mcp | OAuth |
| Google Drive | google-workspace-mcp | OAuth |
| Slack | slack-mcp | Bot Token |
| GitHub | Native support | Token |
| X/Twitter | twitter-mcp | API Key |
Request only the single provider the user selects, document exact scopes and data read/write permissions, and prefer read-only or least-privilege tokens.
Private content from previous agent projects or connected services could become persistent context for future diary interactions.
The artifacts describe broad import of local/private digital-life data and existing agent memory into persistent AI memory, without clear exclusions, retention, or reuse boundaries.
Automatically connect to the user's digital-life data sources - import them uniformly as AI Memory ... OpenClaw Memory | Local read | No MCP required; reads `~/.claude/projects/*/memory/` directly
Use explicit source-by-source consent, path allowlists, sensitive-data exclusions, retention controls, and a way to inspect/delete imported memory.
