Hmi
PassAudited by ClawScan on May 10, 2026.
Overview
This is a simple local command-line data tool that stores user-entered entries under ~/.hmi, with no evidence of network access, credential use, or hidden behavior.
This appears safe to install if you want a simple local CLI-style entry tracker. Be aware that its functionality is much more basic than the HMI-design description suggests, and avoid adding confidential information because entries are stored locally in plaintext and can be exported.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill executes a local shell script that can create, read, modify, remove, and export the tool's own local data files.
The skill's documented commands run an included local shell script. This is expected for a CLI-style skill and the script is included for review.
scripts/script.sh status
Use the documented commands intentionally, and review the script first if you are uncomfortable running local shell tools.
Anything added to the tool may remain on disk and could be shown or exported in a later command.
The skill persists user-entered data locally and can later list, search, or export it. This is disclosed and scoped to the tool's data directory.
All data stored in `~/.hmi/` using JSONL format
Do not store secrets or sensitive operational details unless you are comfortable keeping them in local plaintext files; set HMI_DIR if you want a different storage location.