moyu-journal-auto

Review

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a local joke-journal skill, but it handles sensitive activity data and makes an unsupported encrypted-storage privacy claim.

Review this skill before installing. If you use it, assume the journal files are not encrypted, keep optional browser/calendar access disabled unless needed, and check the contents of ~/.openclaw/moyu-journal/ periodically.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Enabling filesystem access may give the agent more local file capability than this skill strictly needs.

Why it was flagged

The README asks the user to enable filesystem tooling before first use. The skill says it will use this for its own journal directory, but the setting appears broader than that scoped path.

Skill content
openclaw config set tools.allow_filesystem true
Recommendation

Use scoped filesystem permissions if OpenClaw supports them, and verify the skill only reads/writes ~/.openclaw/moyu-journal/.

What this means

Private chats, browsing patterns, calendar entries, and inferred habits could be summarized into the journal.

Why it was flagged

The skill uses persistent/retrieved context and optional browser/calendar data to infer user activity, which is sensitive even though it is related to the stated journaling purpose.

Skill content
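Review the day's chat logs, browser history (if allowed), and calendar events to infer slacking-off activity... Use long-term memory or chat history to look up the day's/this week's conversations.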
Recommendation

Only enable browser/history/calendar access if you are comfortable with that data being used; review and delete the local journal files when needed.

What this means

A user may believe the local journal is encrypted when it may actually be readable as plain local files.

Why it was flagged

The README claims encrypted local storage, but the provided artifacts show only instruction-level JSON file storage under ~/.openclaw/moyu-journal/ and include no encryption mechanism.

Skill content
Locally encrypted storage, super secure
Recommendation

Treat the journal as plaintext unless encryption is actually implemented and documented; the author should remove or substantiate the encryption claim.

What this means

Using the generated text as a real work report could mislead other people and create workplace consequences.

Why it was flagged

The skill explicitly offers to generate a disguised work log. This is disclosed and not automatically submitted, but it is intentionally misleading if used as a real report.

Skill content
**Disguised high-productivity work log** (boss edition): "beautify" slacking-off time into proper work
Recommendation

Use the output for humor or personal notes, and do not submit it as factual work reporting unless it is accurate.