← 返回 Skills 市场
jetywolf

Claw-Diary

作者 Jety · GitHub ↗ · v1.1.9 · MIT-0
cross-platform ✓ 安全检测通过
295
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install clawdiary
功能描述
Integrates with ClawDiary to guard high-risk actions with human approval, audit completed actions, and sync shared diaries across devices.
使用说明 (SKILL.md)

ClawDiary Guardian

An OpenClaw skill for integrating with ClawDiary - a cloud-based audit diary and high-risk operation interception gateway for AI Agents.

How to Get an API Key (Registration)

To use this guardian skill, you need a ClawDiary API Key.

  1. Visit ClawDiary: Go to the official site at clawdiary.org.
  2. Register & Subscribe: Choose a plan and follow the registration process.
  3. Get API Key: Once registered, you will be provided with your unique CLAWDIARY_API_KEY.

Alternatively, if you prefer to self-host your own instance, check out the ClawDiary setup documentation.

Setup In OpenClaw

Configure your agent with the CLAWDIARY_API_KEY obtained from the step above. Note that all /v1/* endpoints require authentication via the Authorization: Bearer \x3CAPI_KEY> header.

Features & Usage

1. Active Guard (Approval Gate)

Endpoint: POST https://api.clawdiary.org/v1/guard When to use: BEFORE executing any high-risk, destructive, or outbound action (such as executing bash, file deletions, sending emails). Behavior: Call this endpoint and wait for the response. Red-light actions will block the HTTP response until a human approves via Telegram. Only proceed with the action if the response returns approved: true.

Example Request:

{
  "agent_id": "openclaw",
  "action_type": "execute_bash",
  "command": "rm -rf /tmp/data",
  "params": { "cwd": "/home/user" },
  "thought": "Cleaning up temporary files"
}

2. Passive Audit (Logging)

Endpoint: POST https://api.clawdiary.org/v1/audit When to use: AFTER an action completes. Behavior: Report the action, cost, and payload. This helps the human operator review usage asynchronously.

Example Request:

{
  "agent_id": "openclaw",
  "session_id": "sess-001",
  "action_type": "tool_call",
  "cost": 0.003,
  "payload": { "tool": "search_web", "query": "weather in London" }
}

3. Shared Diary

Endpoints: POST https://api.clawdiary.org/v1/diary (write), GET https://api.clawdiary.org/v1/diary?owner_id=... (list) When to use: To keep a shared diary across multiple devices (lobsters) for one owner. This allows agents to sync status updates and context.

Example Write Request:

{
  "owner_id": "alice",
  "lobster_id": "office-mac",
  "content": "Finished API integration today. All good."
}

MCP Support

ClawDiary provides an MCP descriptor at GET https://api.clawdiary.org/mcp.json. Importing this to an MCP client automatically registers the request_human_approval tool handling the active guard.

安全使用建议
This skill is internally consistent: it asks only for a ClawDiary API key and instructs the agent to call the remote guard/audit/diary endpoints, with explicit redaction rules. Before installing: (1) Verify the ClawDiary service and operator (clawdiary.org, the GitHub repo) and review their privacy/security practices; (2) Store CLAWDIARY_API_KEY securely (least privilege) and rotate it if exposed; (3) Consider requiring manual/user-invocation or limiting autonomous invocation if you are uncomfortable with the agent calling an external service automatically; (4) Understand that the redaction regex/truncation rules are not infallible — sensitive data might still leak if inputs are atypical, so avoid sending raw files or secrets even if instructions say to redact; (5) If you can, self-host the service (repo link is provided) so you control logs and approvals. Overall the skill appears coherent, but trust in the external service and robust secret handling are the main residual risks.
功能分析
Type: OpenClaw Skill Name: clawdiary Version: 1.1.9 The ClawDiary Guardian skill is a security-focused integration designed to provide an audit trail and a human-in-the-loop approval gate for AI agents. It instructs the agent to send metadata about high-risk actions to a remote service (api.clawdiary.org) for logging and manual approval before execution. The instructions (SKILL.md and instructions.txt) include explicit privacy safeguards, such as mandatory truncation of payloads to 500 characters and strict regex-based redaction of potential secrets and Base64-encoded data. There is no evidence of malicious intent; the skill's behavior is consistent with its stated purpose of enhancing agent safety and accountability.
能力评估
Purpose & Capability
Name/description (guard, audit, diary sync) align with the declared runtime behavior: POST/GET calls to api.clawdiary.org and a single required env var CLAWDIARY_API_KEY. No unrelated binaries, config paths, or extra credentials are requested. Minor note: registry metadata lists "Primary credential: none" even though CLAWDIARY_API_KEY is required in the skill metadata—this is an administrative inconsistency but not a functional mismatch.
Instruction Scope
The SKILL.md and instructions.txt explicitly tell the agent to call guard endpoints before high-risk actions, call audit endpoints after actions, and sync diaries. They also specify strict truncation and regex redaction rules and prohibit sending files or raw outputs. This scope is coherent with the stated purpose, but it requires trust in the remote service and correct implementation of the redaction/truncation rules (which can be brittle and may not guarantee complete secret removal).
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or fetched at install time, which minimizes install-time risk.
Credentials
Only one environment variable (CLAWDIARY_API_KEY) is required, which is proportional for an API-based gating/audit service. No unrelated credentials or system config paths are requested.
Persistence & Privilege
always:false (normal) and model invocation is enabled (default). That means the agent can call the external service autonomously; this is expected for a guard/audit skill but increases the importance of trusting the remote endpoint and protecting the API key. There is no request to modify other skills or system-wide config.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install clawdiary
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /clawdiary 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.9
- Version bump from 1.1.7 to 1.1.9. - No file changes detected. - No new features, bug fixes, or documentation updates included in this release.
v1.1.7
- Metadata updated to include redaction, human approval, and environment variable requirements. - Environment variable documentation simplified; redundant fields removed. - Clarified and streamlined skill requirements in the SKILL.md. - No code or functional changes were made.
v1.0.9
- Improved and clarified environment variable and credential metadata. - Added multiple fields for specifying required environment variables and credentials, including primary_credential and required_environment_variables. - No changes to core functionality or usage.
v1.0.8
- Updated the version to 1.0.8. - Changed the environment variable field name from `env_vars` to `env` in the skill manifest.
v1.0.7
- Updated version to 1.0.7. - Added `env_vars`, `homepage`, and `repository` fields to the skill metadata.
v1.0.0
Initial release of ClawDiary Guardian. - Integrates OpenClaw agents with ClawDiary for audit diary and high-risk operation interception. - Supports active guard (human approval required before risky actions) and passive audit (logging actions after completion). - Enables shared diary entries between agents or devices. - Provides setup instructions and MCP descriptor for seamless MCP client integration. - Requires authentication via API key for all endpoint access.
元数据
Slug clawdiary
版本 1.1.9
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 6
常见问题

Claw-Diary 是什么?

Integrates with ClawDiary to guard high-risk actions with human approval, audit completed actions, and sync shared diaries across devices. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 295 次。

如何安装 Claw-Diary?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawdiary」即可一键安装,无需额外配置。

Claw-Diary 是免费的吗?

是的,Claw-Diary 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Claw-Diary 支持哪些平台?

Claw-Diary 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Claw-Diary?

由 Jety(@jetywolf)开发并维护,当前版本 v1.1.9。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论