← Back to Skills Marketplace
551
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install mini-diary
Description
AI-powered minimal diary with smart auto-tagging and optional cloud sync. Perfect for daily journaling, work logs, or project tracking.
Usage Guidance
What to do before installing:
1) Inspect SKILL.md raw content for hidden unicode control characters (use a hex/UTF-8 viewer or `cat -v`, `xxd`) and remove/ask author for a clean copy if any are present. The scanner found 'unicode-control-chars' which could be an obfuscation attempt or a false positive from emojis.
2) Verify source: the package.json/SKILL.md reference a GitHub repo but registry source shows unknown. Confirm the upstream repository and review recent commits or open issues; prefer installing from a verified upstream.
3) Test in a sandbox: run the scripts locally on a throwaway diary file in a non-privileged environment (e.g., set DIARY_FILE to a test file in a temp dir) and run test_security.sh to exercise safety checks.
4) Be careful with NextCloud instructions: they include chown and docker exec commands that require elevated privileges. Only set NEXTCLOUD_SYNC_DIR to a directory you control and avoid running recommended chown/docker commands unless you understand and accept the privilege implications.
5) Review install.sh behavior: it copies the repository into the agent skills directory. Confirm OPENCLAW_HOME is correct and verify the copied files and file ownership after installation. The installer only sets executable bits for files owned by the user, which is safer than unconditional chmod.
6) If you plan to allow autonomous agent invocation, note that the skill can be invoked by the agent to read/write diary files in your home directory (as designed). Ensure you are comfortable with that access and the default DIARY_FILE location.
If any of the above checks fail or you find hidden control characters, treat the package as untrusted and do not install until the author provides a clean, verifiable source and explanation.
Capability Analysis
Type: OpenClaw Skill
Name: mini-diary
Version: 0.1.2
The Mini Diary skill demonstrates a strong commitment to security, explicitly addressing and fixing critical vulnerabilities related to arbitrary file writes in version 0.1.2, as detailed in `CHANGELOG.md`. All shell scripts (`add_note.sh`, `install.sh`, `search_diary.sh`) implement robust path validation to prevent access or modification of system directories, utilize strict bash modes (`set -euo pipefail`), and perform safe file operations (e.g., `chmod` with ownership checks in `install.sh`). The `test_security.sh` script further confirms these defenses. There is no evidence of intentional malicious behavior such as data exfiltration, unauthorized remote execution, persistence mechanisms, or prompt injection attempts against the OpenClaw agent. Instructions in markdown files (e.g., `chown`, `docker exec`) are clearly for the user's manual setup, not for the agent to execute directly under its `allowed-tools` scope.
Capability Assessment
Purpose & Capability
Name/description match the provided scripts: add/search/install scripts, templates, examples, and docs implement a Markdown diary with auto-tagging and optional NextCloud sync. The presence of DIARY_FILE, NEXTCLOUD_SYNC_DIR, TAGS_CONFIG and related logic is appropriate for the stated features. One minor mismatch: registry metadata lists "Source: unknown" while package.json/SKILL.md point to a GitHub repo (verify upstream origin).
Instruction Scope
SKILL.md and the scripts are narrowly scoped to diary operations (adding notes, searching, optional copying to NextCloud). However, SKILL.md/doc text includes instructions that require elevated/system operations for NextCloud (chown, docker exec php occ) — these are user-facing instructions, but they involve privileged actions outside the diary scope and should be executed only by the user when they understand the consequences. The static scanner also flagged unicode-control-chars inside SKILL.md (possible hidden characters/prompt-injection); the rest of the scripts do not perform network calls or external data exfiltration.
Install Mechanism
There is no registry install spec; installation is via included install.sh or ClawHub. install.sh copies local files into the agent skills directory and makes scripts executable only if owned by the user. No remote downloads or URL-based installs are used. The installer requires OPENCLAW_HOME (and exits if not present) — sensible for an OpenClaw skill.
Credentials
No required credentials are requested. The scripts reference optional environment variables (DIARY_FILE, NEXTCLOUD_SYNC_DIR, TAGS_CONFIG, MINI_DIARY_DEBUG) that are proportional to functionality. Caveat: enabling NextCloud sync will cause the script to write/copy files into the chosen directory and SKILL.md/docs advise running chown/docker commands (which require elevated privileges). Ensure you only point NEXTCLOUD_SYNC_DIR at a location you control and understand owner/permission changes.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configurations. install.sh copies files into the skill's own install directory. Agent autonomous invocation is enabled by default (normal for skills) but there is no evidence the skill demands global persistent privileges or alters unrelated agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mini-diary - After installation, invoke the skill by name or use
/mini-diary - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Mini Diary v0.1.2 - Security Hardening Release
**Critical Security Fixes**:
1. Fixed arbitrary file write vulnerability (CWE-22)
2. Added comprehensive path validation
3. Implemented strict bash security mode
4. Safe permission operations with ownership checks
5. Restricted to user directories only
**Note**: Full MIT license included in SKILL.md (lines 597-622).
This release addresses all security concerns from v0.1.0.
v0.1.0
Initial release of mini-diary.
- Introduces an AI-powered minimal diary supporting smart auto-tagging and powerful search.
- Features clean Markdown formatting for daily notes and todos.
- Provides basic statistics, tag frequency, and completion tracking.
- Optional NextCloud sync with setup guidance for cloud backups.
- Open data format: users own their data in plain Markdown.
- Highly configurable, including custom tags and directory paths.
Metadata
Frequently Asked Questions
What is Mini Diary?
AI-powered minimal diary with smart auto-tagging and optional cloud sync. Perfect for daily journaling, work logs, or project tracking. It is an AI Agent Skill for Claude Code / OpenClaw, with 551 downloads so far.
How do I install Mini Diary?
Run "/install mini-diary" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Mini Diary free?
Yes, Mini Diary is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Mini Diary support?
Mini Diary is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Mini Diary?
It is built and maintained by PXD (@printxdreams); the current version is v0.1.2.
More Skills