Skill v1.0.0

ClawScan security

Goal Setter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review
Mar 13, 2026, 4:03 PM
Verdict
Review
Confidence
high
Model
gpt-5-mini
Summary
The skill is a coherent local goal-tracking tool, but the included shell script dangerously embeds unescaped user input into Python code (risking crashes or code execution) and has a few brittleness/mismatch issues — review or fix before trusting it.
Guidance
This skill appears to do what it says, local goal tracking, but review or patch the bundled script before trusting it. The script embeds unescaped user input into inline Python, which can cause crashes or allow code execution if goal text contains quotes, newlines, or special characters. If you want to use it: (1) run it in a safe, single-user environment; (2) back up ~/.goals before use; (3) prefer fixing the script so that user data reaches Python as data rather than as source text, for example by having Python read argv, stdin, or environment variables, or by serializing values to a literal with json.dumps before embedding them, instead of interpolating shell variables into the code; (4) document GOAL_DIR usage, since SKILL.md omits it. If you are not comfortable editing shell/Python, consider not installing it, or request a corrected version from the author.

Review Dimensions

Purpose & Capability
ok
Name/description match the included functionality: a local goal tracker that stores data under $HOME/.goals. The script requires only bash and python3 (SKILL.md lists the python3 runtime), and there are no unexpected network calls or third-party credentials. Minor mismatch: SKILL.md states 'no environment variables required', but the script honors an optional GOAL_DIR env var to change the storage location.
Instruction Scope
concern
The runtime instructions and the shipped script remain within the stated purpose (creating/updating a local JSON goals DB). However, the script builds Python code by directly interpolating shell variables (e.g., $goal, $deadline, $pct) into python -c / heredoc blocks without escaping. This is fragile and dangerous: specially crafted goal text (quotes, newlines, or Python tokens) can break the Python snippets or be used to inject and execute arbitrary Python with the invoking user's privileges. Example problems: an unquoted $deadline inserted into a Python 'if' expression can cause syntax errors or unexpected evaluation; a single quote inside a goal terminates the string literal and turns the rest of the text into code. This is a code-injection / code-execution risk in the local user context and could also corrupt the goals database. SKILL.md promises local-only storage and privacy, but the script's unescaped interpolation undermines safe handling of user-provided strings.
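To make the Instruction Scope finding concrete, and to illustrate the fix recommended under Guidance, the following is an added example and not the Goal Setter script itself: a bash function that splices shell variables into python -c source, the way the review describes, beside a variant that hands the same values to a fixed heredoc program through argv and an environment variable. The function names, the record shape, and the sample goal texts are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the bundled Goal Setter script): the interpolation
# pattern the review flags, beside a safe variant. Function names, the
# record shape and the sample goal texts are assumptions for illustration.
set -euo pipefail

# UNSAFE: shell variables are spliced straight into Python source text.
# A single quote in $goal closes the string literal, so whatever follows
# is parsed and executed as Python; $pct is dropped in unquoted, so it is
# evaluated as a Python expression rather than stored as a number.
add_goal_unsafe() {
    local goal="$1" deadline="$2" pct="$3"
    python3 -c "
import json
record = {'goal': '$goal', 'deadline': '$deadline', 'pct': $pct}
print(json.dumps(record))
"
}

# SAFE: the Python program is a fixed heredoc (quoted delimiter, so the
# shell expands nothing inside it). User data reaches Python as argv and
# environment values, which stay plain strings whatever characters they
# contain; pct is validated with int() instead of being evaluated as code.
add_goal_safe() {
    local goal="$1" deadline="$2" pct="$3"
    GOAL_DEADLINE="$deadline" python3 - "$goal" "$pct" <<'PY'
import json, os, sys
goal = sys.argv[1]
pct = int(sys.argv[2])          # ValueError on "6*7", never code execution
if not 0 <= pct <= 100:
    sys.exit("pct must be between 0 and 100")
record = {"goal": goal, "deadline": os.environ["GOAL_DEADLINE"], "pct": pct}
print(json.dumps(record))
PY
}

# Constructed inputs: a harmless apostrophe, and a goal text that smuggles a
# Python expression past the unsafe string literal.
if ! add_goal_unsafe "Don't skip leg day" 2026-12-31 10 2>/dev/null; then
    echo "unsafe: an apostrophe in the goal text is a SyntaxError"
fi
echo "unsafe: $(add_goal_unsafe "'+str(6*7)+'" 2026-12-31 10)"
echo "safe:   $(add_goal_safe "Don't skip leg day" 2026-12-31 10)"
echo "safe:   $(add_goal_safe "'+str(6*7)+'" 2026-12-31 10)"
```

Run it with bash. The unsafe function aborts on the apostrophe and records the smuggled expression's result instead of the text the user typed, and a pct of 6*7 is silently evaluated; the safe function stores both goal texts verbatim and rejects a non-integer pct with a ValueError. The same argv/environment channel works for python -c as well, since the point is that user data must never become part of the program text.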
Install Mechanism
ok
No install spec is provided (instruction-only with a bundled script), so nothing is downloaded or executed at install time. This keeps install risk low. The only runtime dependency is python3, which SKILL.md already declares.
Credentials
note
The skill declares no required environment variables, which matches its simple local design. The script, however, honors GOAL_DIR if present (defaults to $HOME/.goals). This is a reasonable, limited opt-in override but should be documented in SKILL.md. No credentials or unrelated env vars are requested.
Persistence & Privilege
ok
The skill does not request system-wide privileges and is not always-enabled. It writes data only to a per-user directory (default $HOME/.goals or GOAL_DIR). It does not modify other skills or global agent settings.