ClawHub
Back to skill

Security audit

OpenClaw Diary Core

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed diary skill that persistently records personal journal content, with optional external sync, so it is privacy-sensitive but not deceptive or malicious.

Install only if you want a proactive journaling assistant that can create durable records of your conversations. Review the local diary path, disable user_identity if you do not want profile-based personalization, and keep third-party sync off unless you are comfortable storing entries in that external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The config explicitly enables access to a separate user identity directory containing identity, preferences, and social account files, which expands the skill from simple journaling into broader profile ingestion. In a diary skill, this increases privacy exposure and the chance that sensitive personal data is collected, correlated, or reused outside the user's immediate journaling intent.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The post-processing section permits attaching unrelated downstream skills such as life coaching and social media writing, which can repurpose diary content beyond recording. Even if currently disabled, the configuration establishes a pathway for sensitive journal entries to be transformed and exported into other contexts, increasing data misuse and privacy risk.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The automatic trigger rules are broad enough to activate during ordinary conversation, increasing the chance the agent will solicit or capture journaling content when the user did not intend durable storage. In a diary skill that writes to local files and can sync to third-party platforms, ambiguous activation meaningfully raises privacy and consent risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README promotes local and multi-platform syncing of personal diary content without an equally prominent privacy warning about retention, third-party disclosure, and credentialed integrations. For a journaling skill handling intimate free-form text, insufficient disclosure can lead users to unknowingly store sensitive data in external services.

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger conditions are extremely broad and match ordinary conversation such as mentioning 'today' or casually sharing thoughts. In a diary skill that writes to local or external storage, this creates a real risk of unintended capture and persistence of sensitive personal content without a sufficiently explicit user action.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The proactive inquiry logic is underspecified and invites activation based on vague behavioral signals like sharing a link or mentioning a time cue. In this context, ambiguity increases the chance that the assistant will pressure users into recording or treat ordinary discussion as journal-worthy, undermining informed consent.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill advertises aggressive activation and multi-platform syncing but does not clearly warn users that normal conversation may be stored locally or sent to third-party services. This is dangerous because users may disclose intimate or regulated information under the assumption they are merely chatting, not creating a durable record.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The implicit triggers include very common conversational phrases like '刚才', '我在想', and 'today I', making accidental activation likely during ordinary chat. In the context of a diary tool that stores personal thoughts and can sync them externally, overbroad triggering can cause unintended capture of sensitive user content without clear consent.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill is designed to preserve users' exact words and optionally sync them to external platforms, creating a direct data retention and disclosure channel for sensitive natural-language content. Because diary entries can contain personal, financial, health, relationship, or work-confidential information, exact-quote storage plus syncing materially increases the consequences of accidental capture, account compromise, or overbroad sharing.

Ssd 3

Medium
Confidence
97% confidence
Finding
The instruction to be 'sensitive' to casual phrases and not wait for an explicit recording request encourages overcollection of conversational data. Because the skill stores diaries and may sync them to Feishu, this materially increases privacy risk by normalizing retention of content the user may not have intended to preserve.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to read identity and preference files and use them to adapt behavior, which is a form of personal profiling. Even if intended for personalization, this expands collection and processing of potentially sensitive user data beyond the minimum needed for diary recording, increasing privacy exposure if those files contain intimate, professional, or protected details.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal