Skill v1.0.0

ClawScan security

习惯养成打卡 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 19, 2026, 4:26 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description matches a habit-tracker, but the runtime instructions require running a Python script that is not provided—this mismatch is suspicious and could lead to executing unknown code if a script with that name exists on the system.
Guidance
This skill's instructions expect you to run a local Python script (habit-tracker-companion.py) that is not included. Before installing or invoking:
1) Do not run the commands until you can review the script source; ask the publisher for the code or a link to the exact file.
2) If you obtain the script, inspect it for network calls, secrets access, or destructive operations.
3) Consider running it in a sandbox or container and back up your home data; the skill will read/write ~/.memory/habits/habits.json.
4) If you can't get the script source from a trusted repository, treat this skill as unsafe to run, because executing an unknown Python script can execute arbitrary code.

Review Dimensions

Purpose & Capability
note: Name and features (add habit, check-in, stats, streaks) align with a habit-tracker. Requesting python3 as a binary is proportional. However, the SKILL.md expects a local script (habit-tracker-companion.py) to exist and be executed; no such code is bundled or installed by the skill, which is an incoherence between claimed capability and provided artifacts.
Instruction Scope
concern: Instructions explicitly tell the agent to run 'python habit-tracker-companion.py' with various commands and to read/write ~/.memory/habits/habits.json. That file-path access is reasonable for a tracker, but directing execution of a local script that the skill does not supply is risky: the agent (or user) might run an unknown script already present on disk or must obtain it from an unspecified source. The SKILL.md does not explain how the script is provided, fetched, or verified.
Install Mechanism
ok: No install spec is present (instruction-only). This is low-risk from an automatic-install perspective, since nothing will be downloaded or written by an installer. The only requirement is python3 being available on PATH.
Credentials
ok: The skill requests no environment variables or credentials. It uses a per-user path (~/.memory/habits/habits.json) for storage, which is consistent with a local habit tracker and is proportionate to the described functionality.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or system-wide settings. It can be invoked by the agent (normal). There is no indication of elevated persistence or cross-skill configuration access.