ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

My Diary

v2.1.5

个人日记管理技能。用于记录日记、查询日记、查看日记列表、删除日记等操作。当用户说"写入日记"、"查看日记"、"列出日记"、"删除日记"时触发此技能。

0· 72·0 current·0 all-time
by@stavc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description say it manages personal diaries, but the package contains only keyword text files and no instructions, code, or declared dependencies to implement recording, querying, listing, or deleting entries.
!
Instruction Scope
SKILL.md is just a list of keywords; it provides no runtime guidance about how to store, retrieve, protect, or delete diary data, nor does it specify endpoints, files, or agent actions. The instructions are overly vague and grant implicit discretion to the agent.
Install Mechanism
No install spec and no code files — lowest-risk from an installation/execution perspective, but also explains why the skill lacks implementation details.
Credentials
The skill requests no environment variables or credentials (appropriate), but because it deals with sensitive personal content there are no declared storage/encryption requirements or privacy assurances—this omission affects proportionality for handling secrets/data.
Persistence & Privilege
always is false and there are no special privileges requested. The skill will not be force-included and does not request system-level persistence.
What to consider before installing
This skill is internally inconsistent: it claims diary-management capabilities but provides no implementation or instructions. It is not clearly malicious, but it is incomplete and potentially risky for sensitive content because it does not say where or how diary entries would be stored, who can access them, or whether they're encrypted. Before installing, ask the publisher for: (1) the runtime SKILL.md with explicit steps the agent will take (storage location, APIs, or files used), (2) a privacy/security statement (how entries are stored, retention, encryption), and (3) source or homepage and author identity. If you must try it, do so with non-sensitive test entries in a sandboxed environment. If these details are not provided or remain vague, avoid using it for real personal diary content.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqbnf9hgsz4m5kgmnpf6s3583ym7f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments