Sleepwell

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill is local-only and shows no network or credential use, but its advertised sleep purpose conflicts with its main productivity-tool behavior and one included script has a local code-execution injection risk.

Review carefully before installing. The artifacts do not show data exfiltration or credential access, but the skill is inconsistent about whether it is a sleep tracker or productivity logger, stores local history persistently, and includes a script that should be fixed before use with untrusted inputs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

A maliciously crafted sleep-log value could run commands under the user's account if the agent or user executes this script.

Why it was flagged

The script interpolates user-controlled command arguments directly into Python source inside an unquoted here-document. Crafted values containing quotes and Python syntax could alter the generated script and execute local code when the command is run.

Skill content
hours="${1:-7}"; quality="${2:-3}" ... python3 << PYEOF ... stars = "⭐" * int("$quality") ... "hours":float("$hours")
Recommendation

Do not run this script with untrusted inputs. The maintainer should pass arguments to Python through sys.argv or environment variables, quote the here-doc delimiter, and validate hours/quality as numeric ranges before use.

What this means

A user may trust the skill as a sleep/wellness tracker while it actually guides the agent toward storing unrelated work or productivity notes.

Why it was flagged

The advertised sleep-tracking purpose conflicts with the main documentation, which describes broad productivity and work logging. This is a material purpose mismatch.

Skill content
description: "Track sleep habits and analyze rest patterns over time" ... "Productivity toolkit for managing tasks, plans, reviews, streaks, reminders, priorities, archives, tags, timelines, reports"
Recommendation

Install only if you want this broader productivity logger. The maintainer should align the name, description, commands, and scripts, or split the sleep diary and productivity logger into separate skills.

What this means

Sleep, personal routine, or work-planning details may remain on disk and be searchable/exportable later.

Why it was flagged

The skill intentionally keeps persistent local history and export files. This is expected for a tracker, but the data may include sensitive health, personal, or work details.

Skill content
All data is stored in `~/.local/share/sleepwell/` ... `history.log` — central log of all actions with timestamps ... `export.json`, `export.csv`, `export.txt`
Recommendation

Avoid logging secrets or sensitive business details, and periodically review or delete the local data directory if you no longer need the history.

What this means

Users may not know which script is authoritative or what local runtime dependencies are needed.

Why it was flagged

The registry describes an instruction-only skill with no binary requirements, but executable scripts are included and one uses python3. This creates ambiguity about what will be installed or invoked.

Skill content
No install spec — this is an instruction-only skill. Code file presence: scripts/script.sh; scripts/sleep_diary.sh. Required binaries: none.
Recommendation

The maintainer should provide an explicit install specification, declare bash/python requirements, and document which script backs the `sleepwell` command.