Habithero
PassAudited by ClawScan on May 1, 2026.
Overview
HabitHero appears to be a local habit/productivity logger with no evidence of exfiltration or destructive behavior, though it stores personal entries locally and its CLI artifacts do not fully match the registry description.
This looks safe to try as a local-only tracker, but verify the CLI setup and command behavior first. Be aware that anything you enter may be saved under ~/.local/share/habithero and included in local exports.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Habit names, routines, reviews, or reminders entered into the tool can remain on the device in local log files and exports.
The script persistently stores user-entered habit/productivity data in local log files, which is expected for a tracker but may include sensitive personal routines.
DATA_DIR="${HOME}/.local/share/habithero" ... echo "$ts|$input" >> "$DATA_DIR/add.log" ... _log "add" "$input"Avoid entering highly sensitive personal details unless you are comfortable storing them locally, and periodically review or delete the Habithero data directory if needed.
A user may not know exactly how the included shell script is meant to be installed or invoked.
The package also includes scripts/script.sh and the SKILL.md shows habithero CLI usage, so installation or invocation expectations are under-specified.
No install spec — this is an instruction-only skill.
Before installing or wiring this skill into an agent, verify how the habithero command is created and that the script source matches the command you intend to run.
The installed tool may not behave exactly as the description suggests, especially for streak counting and calendar-style habit tracking.
The visible script help lists a generic productivity command set, while SKILL.md advertises habit-specific commands such as done, list, and calendar. This is a functionality/documentation mismatch users should notice.
echo " plan Plan" ... echo " track Track" ... echo " review Review" ... echo " export <fmt> Export (json|csv|txt)"
Test the documented commands on non-sensitive sample data before relying on the tool for real tracking.