Skill v2.0.0

ClawScan security

Habithero · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 17, 2026, 7:10 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent with a local habit-tracking CLI: it reads/writes files under your home directory and does not request credentials, network access, or unusual system permissions.
Guidance
This skill appears to be a local CLI habit tracker and is generally coherent, but before installing or running it:
1) Inspect the provided script (scripts/script.sh) yourself; it will create and write files under $HOME/.local/share/habithero.
2) Note the mismatch between SKILL.md (few commands) and the script (many commands); expect the extra functionality.
3) The export JSON routine does not escape user input, so exports can be malformed if you store arbitrary text; review exported files before sharing.
4) There is no network activity in the script, but if you plan to give an agent authority to run the skill autonomously, prefer running it in a controlled environment, since it will execute shell commands and write files locally.
5) If you want to be extra safe, run the script in a sandbox or test account first.

Review Dimensions

Purpose & Capability
ok: Name/description (habit tracker) align with the included script: the script implements many habit-tracking commands and stores data under $HOME/.local/share/habithero. No unrelated cloud credentials, binaries, or system paths are requested.
Instruction Scope
note: SKILL.md documents core commands (add, done, list, streak, calendar, help), but the shipped script implements a larger set (plan, track, review, export, stats, search, etc.). This is not malicious but is an inconsistency: the runtime behavior may offer more functionality than the documentation lists. All file and env access in the script stays within the data directory under the user's home.
Install Mechanism
note: There is no install spec (instruction-only), yet a runnable script is included. That is low risk, but the lack of installation guidance means an agent or user might need to place the script on PATH themselves; review how it will be executed before running it.
Credentials
ok: The skill declares no required environment variables or credentials, and the script does not attempt to read unrelated env vars. All persistent data is written to a directory under the invoking user's home, which is proportionate for a local tracker.
Persistence & Privilege
ok: The skill is not marked always:true and does not request system-wide configuration changes. It only writes to its own data directory under $HOME and does not modify other skills or global agent settings.