Reg Limited
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward vehicle restriction tool, though it runs a local curl command, stores plate reminders on disk, and its advertised reminder notifications look incomplete.
This skill is reasonable for querying vehicle restrictions, but review the source if local command execution concerns you. Be aware that plate/reminder data is saved in ~/.reg-limited/config.json and that the included code does not appear to actually send scheduled notifications.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the skill may execute curl on your machine to retrieve traffic restriction data.
The skill executes a local shell command to fetch official restriction data. The URL is fixed in the code, so this is purpose-aligned and not evidence of command injection, but it still relies on local command execution.
const cmd = `curl -s -L "${BEIJING_URL}" --max-time 30`; const result = execSync(cmd, { encoding: 'utf-8', timeout: 30000 });Use it only if you are comfortable with a local CLI invoking curl, and keep the runtime environment/path trustworthy.
Your license plate/reminder details may remain on disk and be readable by anyone or anything with access to your user account files.
The skill persists reminders containing city, plate, and reminder time in a local config file. This is expected for reminders, but it is persistent user data.
const configPath = process.env.HOME + '/.reg-limited/config.json'; ... config.reminders.push(reminder); ... fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
Avoid using it on shared machines if plate data is sensitive, and delete ~/.reg-limited/config.json if you want to clear stored reminders.
You might expect an actual notification and miss a restriction reminder if no separate scheduler is configured.
The documentation promises scheduled notifications, but the included code only stores reminder records and does not implement a scheduler or notification channel. This looks like an overstatement of capability rather than malicious behavior.
**Scheduled Reminders** - Get notified at specified times about restriction info
Treat the reminder feature as local record storage unless the publisher provides and documents a working scheduler/notification mechanism.