Focus
v2.0.0Focus — a fast productivity tool. Log anything, find it later, export when needed.
⭐ 0· 197·1 current·1 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (local productivity logger) aligns with requested resources: no env vars, no external credentials, and a script that writes/reads logs under ~/.local/share/focus. Required capabilities appear proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs only local operations and uses the local data directory. The included script implements those commands (add, search, export, stats) and uses common shell utilities (grep, tail, wc, du, cat). Note: the provided script was truncated in the package preview, so I could not verify the final portion to ensure it contains no unexpected network calls or other out-of-scope actions.
Install Mechanism
No install spec is present (instruction-only with a helper script). That minimizes risk since nothing is downloaded or installed by the registry installer. The script will operate on disk when run, but there's no automated remote install behavior.
Credentials
The skill requests no environment variables, credentials, or special config paths. Its file access is limited to a single per-user data directory under HOME, which matches its functionality.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It writes only to its own data directory and does not modify other skills or system-wide settings (based on the visible script).
Assessment
This skill appears coherent and local-only, but you should: (1) inspect the full scripts/script.sh file (the provided preview was truncated) to confirm there are no network calls or unexpected behavior; (2) be aware all entries are stored in ~/.local/share/focus — avoid logging secrets or sensitive credentials there; (3) consider running the tool in a sandboxed environment first (or with a disposable account) if you want extra assurance; (4) if you plan to trust persistent data, verify the author/source (homepage is missing) before relying on it or giving it wide access on shared machines.Like a lobster shell, security has layers — review code before you run it.
latestvk975tscx81664b09f24tatcvvs830wn2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.