Stopwatch
v2.0.0Run stopwatch, timer, and lap tracking with precision in terminal. Use when timing tasks, checking durations, running countdowns, analyzing splits.
⭐ 0· 113·1 current·1 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and the included script align: the tool is a terminal stopwatch/timer/logger that writes and reads local log files. There are no unrelated environment variables, binaries, or services requested.
Instruction Scope
The runtime instructions and the script operate only on a local data directory (~/.local/share/stopwatch) and stdout. They implement logging, search (grep), export, and simple stats. No instructions read unrelated system config, network endpoints, or other credentials. Minor implementation issues exist (e.g., JSON export does not escape values and a newline is written as a literal "\n]"), but these are functional bugs rather than signs of scope creep or hidden exfiltration.
Install Mechanism
No install spec — instruction-only usage with an included Bash script. Nothing is downloaded from remote URLs or installed system-wide by the package; risk is low and consistent with a small utility script.
Credentials
No credentials or special environment variables requested. The script uses $HOME to create a per-user data directory, which is appropriate for a local logging utility. There are no requests for unrelated service tokens or secret values.
Persistence & Privilege
The skill does not request 'always' or other elevated persistent privileges. It writes to its own per-user data directory under ~/.local/share/stopwatch, which is normal for a CLI utility; it does not modify other skills or system-wide agent settings.
Assessment
This skill appears to be what it claims: a simple local stopwatch/logger. Before installing, review and accept that it will create and write files to ~/.local/share/stopwatch (you can change DATA_DIR in the script). The script does not contact the network or request secrets. If you care about data hygiene, avoid logging sensitive strings (anything you pass is appended to logs and exported), and consider reviewing or fixing the export routines (JSON values are not escaped and the JSON export has a newline-handling bug) if you plan to programmatically consume exports. Otherwise it is low-risk and appropriate for local use.Like a lobster shell, security has layers — review code before you run it.
latestvk97e3z0av3apb3kj9bdcczs5c5834mh9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.