Milestone
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: milestone Version: 2.0.1 The Milestone skill is a local utility for logging, searching, and exporting activity data to ~/.local/share/milestone/. The shell script (scripts/script.sh) implements basic file-based logging and reporting without any network access, data exfiltration, or suspicious execution patterns. While the SKILL.md documentation contains some poorly formatted command examples that appear to be copy-pasted terminal output, they do not pose a security risk to the agent or the host system.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything the agent or user records as a milestone entry may remain on disk and could reappear in later outputs; secrets or prompt-like instructions stored there should be treated as untrusted data.
The script persists user-supplied command input and activity history in local log files, which can later be reviewed, searched, or exported.
DATA_DIR="${HOME}/.local/share/milestone" ... echo "$ts|$input" >> "$DATA_DIR/run.log" ... _log "run" "$input"Use the skill for non-sensitive local notes, avoid entering passwords or API keys, periodically review or clear ~/.local/share/milestone, and treat retrieved log contents as data rather than instructions.