Daily Digest Hardened
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is purpose-aligned, but its included script can persist raw memory contents into digest files despite claiming to filter secrets and treat memory safely.
Do not use this skill on memory files that may contain secrets until the script implements actual redaction. If you install it, manually inspect generated files under journals/digest/ and avoid enabling cron or scheduler automation until the output is proven safe.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a memory note contains an API key, password, token, or embedded instruction, it may be saved into journals/digest/ and later exposed, committed, shared, or reused by an agent.
The script directly copies lines from the memory file into the digest without any credential-pattern filtering, redaction, or prompt-injection sanitization, despite the skill saying credentials must never be included.
summary = text_today.strip().splitlines(); summary = summary[:5]; summary_text = ' '.join(l.strip() for l in summary)
Add real redaction and untrusted-content handling in digest_daily.py before writing output, or require the user to review and sanitize memory files before running the skill.
A user may over-trust the skill’s 'hardened' safety claims and assume secrets are protected when the included evidence and code do not support that.
The safety documentation labels an example as passing while it still reproduces the sample secret value, creating an inconsistent and potentially misleading privacy assurance.
**With guardrail (PASS):** ... `Note to self: the new Datadog key is ddapi_verysecret123456789abc` ... *Why it passed: ... while also not reproducing the secret*
Correct the safety documentation and ensure the implementation matches the claimed guardrails before relying on it for private memory notes.
If scheduled, the digest may be generated automatically and persist sensitive memory-derived content daily.
The skill discloses optional scheduled execution, which is purpose-aligned for a daily digest but means it may run repeatedly without manual review each time.
Optional: integrate with clawdbot to run automatically via a cron job or a scheduler.
Only enable scheduling after redaction is implemented and after confirming the digest output location is not synced or shared unintentionally.
