claw-diary
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill triggers the global installation of the
claw-diarypackage via NPM. The author0xbeekeeperand the organizationopenclaware not included in the trusted external sources list, making the dependency unverifiable. - COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands using the
claw-diarybinary, including summarizing logs, searching history, and exporting data. While it attempts to handle arguments safely for the search command, the binary itself is from an untrusted source. - PROMPT_INJECTION (LOW): The
/diary:thoughtscommand implements an indirect prompt injection surface (Category 8) by processing untrusted log data. - Ingestion points: Reads data from
~/.claw-diary/events/*.jsonl,~/.claw-diary/persona.md, and historical journal files. - Boundary markers: Employs a natural language security note advising the agent to treat content as factual context and ignore embedded instructions.
- Capability inventory: Executes the
claw-diaryCLI and has read/write access to the~/.claw-diary/directory. - Sanitization: Relies on instructional constraints rather than technical sanitization, schema validation, or robust delimiters for the ingested log content.
Audit Metadata