← Back to Skills Marketplace
jetywolf

Claw-Diary

by Jety · GitHub ↗ · v1.1.9 · MIT-0
cross-platform ✓ Security Clean
295
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install clawdiary
Description
Integrates with ClawDiary to guard high-risk actions with human approval, audit completed actions, and sync shared diaries across devices.
README (SKILL.md)

ClawDiary Guardian

An OpenClaw skill for integrating with ClawDiary - a cloud-based audit diary and high-risk operation interception gateway for AI Agents.

How to Get an API Key (Registration)

To use this guardian skill, you need a ClawDiary API Key.

  1. Visit ClawDiary: Go to the official site at clawdiary.org.
  2. Register & Subscribe: Choose a plan and follow the registration process.
  3. Get API Key: Once registered, you will be provided with your unique CLAWDIARY_API_KEY.

Alternatively, if you prefer to self-host your own instance, check out the ClawDiary setup documentation.

Setup In OpenClaw

Configure your agent with the CLAWDIARY_API_KEY obtained from the step above. Note that all /v1/* endpoints require authentication via the Authorization: Bearer \x3CAPI_KEY> header.

Features & Usage

1. Active Guard (Approval Gate)

Endpoint: POST https://api.clawdiary.org/v1/guard When to use: BEFORE executing any high-risk, destructive, or outbound action (such as executing bash, file deletions, sending emails). Behavior: Call this endpoint and wait for the response. Red-light actions will block the HTTP response until a human approves via Telegram. Only proceed with the action if the response returns approved: true.

Example Request:

{
  "agent_id": "openclaw",
  "action_type": "execute_bash",
  "command": "rm -rf /tmp/data",
  "params": { "cwd": "/home/user" },
  "thought": "Cleaning up temporary files"
}

2. Passive Audit (Logging)

Endpoint: POST https://api.clawdiary.org/v1/audit When to use: AFTER an action completes. Behavior: Report the action, cost, and payload. This helps the human operator review usage asynchronously.

Example Request:

{
  "agent_id": "openclaw",
  "session_id": "sess-001",
  "action_type": "tool_call",
  "cost": 0.003,
  "payload": { "tool": "search_web", "query": "weather in London" }
}

3. Shared Diary

Endpoints: POST https://api.clawdiary.org/v1/diary (write), GET https://api.clawdiary.org/v1/diary?owner_id=... (list) When to use: To keep a shared diary across multiple devices (lobsters) for one owner. This allows agents to sync status updates and context.

Example Write Request:

{
  "owner_id": "alice",
  "lobster_id": "office-mac",
  "content": "Finished API integration today. All good."
}

MCP Support

ClawDiary provides an MCP descriptor at GET https://api.clawdiary.org/mcp.json. Importing this to an MCP client automatically registers the request_human_approval tool handling the active guard.

Usage Guidance
This skill is internally consistent: it asks only for a ClawDiary API key and instructs the agent to call the remote guard/audit/diary endpoints, with explicit redaction rules. Before installing: (1) Verify the ClawDiary service and operator (clawdiary.org, the GitHub repo) and review their privacy/security practices; (2) Store CLAWDIARY_API_KEY securely (least privilege) and rotate it if exposed; (3) Consider requiring manual/user-invocation or limiting autonomous invocation if you are uncomfortable with the agent calling an external service automatically; (4) Understand that the redaction regex/truncation rules are not infallible — sensitive data might still leak if inputs are atypical, so avoid sending raw files or secrets even if instructions say to redact; (5) If you can, self-host the service (repo link is provided) so you control logs and approvals. Overall the skill appears coherent, but trust in the external service and robust secret handling are the main residual risks.
Capability Analysis
Type: OpenClaw Skill Name: clawdiary Version: 1.1.9 The ClawDiary Guardian skill is a security-focused integration designed to provide an audit trail and a human-in-the-loop approval gate for AI agents. It instructs the agent to send metadata about high-risk actions to a remote service (api.clawdiary.org) for logging and manual approval before execution. The instructions (SKILL.md and instructions.txt) include explicit privacy safeguards, such as mandatory truncation of payloads to 500 characters and strict regex-based redaction of potential secrets and Base64-encoded data. There is no evidence of malicious intent; the skill's behavior is consistent with its stated purpose of enhancing agent safety and accountability.
Capability Assessment
Purpose & Capability
Name/description (guard, audit, diary sync) align with the declared runtime behavior: POST/GET calls to api.clawdiary.org and a single required env var CLAWDIARY_API_KEY. No unrelated binaries, config paths, or extra credentials are requested. Minor note: registry metadata lists "Primary credential: none" even though CLAWDIARY_API_KEY is required in the skill metadata—this is an administrative inconsistency but not a functional mismatch.
Instruction Scope
The SKILL.md and instructions.txt explicitly tell the agent to call guard endpoints before high-risk actions, call audit endpoints after actions, and sync diaries. They also specify strict truncation and regex redaction rules and prohibit sending files or raw outputs. This scope is coherent with the stated purpose, but it requires trust in the remote service and correct implementation of the redaction/truncation rules (which can be brittle and may not guarantee complete secret removal).
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or fetched at install time, which minimizes install-time risk.
Credentials
Only one environment variable (CLAWDIARY_API_KEY) is required, which is proportional for an API-based gating/audit service. No unrelated credentials or system config paths are requested.
Persistence & Privilege
always:false (normal) and model invocation is enabled (default). That means the agent can call the external service autonomously; this is expected for a guard/audit skill but increases the importance of trusting the remote endpoint and protecting the API key. There is no request to modify other skills or system-wide config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawdiary
  3. After installation, invoke the skill by name or use /clawdiary
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.9
- Version bump from 1.1.7 to 1.1.9. - No file changes detected. - No new features, bug fixes, or documentation updates included in this release.
v1.1.7
- Metadata updated to include redaction, human approval, and environment variable requirements. - Environment variable documentation simplified; redundant fields removed. - Clarified and streamlined skill requirements in the SKILL.md. - No code or functional changes were made.
v1.0.9
- Improved and clarified environment variable and credential metadata. - Added multiple fields for specifying required environment variables and credentials, including primary_credential and required_environment_variables. - No changes to core functionality or usage.
v1.0.8
- Updated the version to 1.0.8. - Changed the environment variable field name from `env_vars` to `env` in the skill manifest.
v1.0.7
- Updated version to 1.0.7. - Added `env_vars`, `homepage`, and `repository` fields to the skill metadata.
v1.0.0
Initial release of ClawDiary Guardian. - Integrates OpenClaw agents with ClawDiary for audit diary and high-risk operation interception. - Supports active guard (human approval required before risky actions) and passive audit (logging actions after completion). - Enables shared diary entries between agents or devices. - Provides setup instructions and MCP descriptor for seamless MCP client integration. - Requires authentication via API key for all endpoint access.
Metadata
Slug clawdiary
Version 1.1.9
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 6
Frequently Asked Questions

What is Claw-Diary?

Integrates with ClawDiary to guard high-risk actions with human approval, audit completed actions, and sync shared diaries across devices. It is an AI Agent Skill for Claude Code / OpenClaw, with 295 downloads so far.

How do I install Claw-Diary?

Run "/install clawdiary" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Claw-Diary free?

Yes, Claw-Diary is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Claw-Diary support?

Claw-Diary is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Claw-Diary?

It is built and maintained by Jety (@jetywolf); the current version is v1.1.9.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments