Milestone
PassAudited by ClawScan on May 1, 2026.
Overview
Milestone appears to be a local-only logging utility; the main caution is that anything recorded is saved in local history files.
This skill looks reasonable for local milestone/activity logging. Before installing or using it, remember that entries are written to ~/.local/share/milestone and may be shown or exported later, so do not store secrets, credentials, or highly sensitive personal information in milestone entries.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything the agent or user records as a milestone entry may remain on disk and could reappear in later outputs; secrets or prompt-like instructions stored there should be treated as untrusted data.
The script persists user-supplied command input and activity history in local log files, which can later be reviewed, searched, or exported.
DATA_DIR="${HOME}/.local/share/milestone" ... echo "$ts|$input" >> "$DATA_DIR/run.log" ... _log "run" "$input"Use the skill for non-sensitive local notes, avoid entering passwords or API keys, periodically review or clear ~/.local/share/milestone, and treat retrieved log contents as data rather than instructions.