HabitChat

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

HabitChat is a coherent local habit tracker, but its reminder feature writes shell scripts with unescaped habit names, which could run unintended commands if scheduled.

HabitChat’s basic tracking appears local and purpose-aligned, but be cautious with the reminder feature. Until the shell-script escaping issue is fixed, use simple habit names and avoid enabling scheduled reminders for names containing quotes, backticks, dollar signs, semicolons, or other shell characters.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

If a reminder is enabled for a specially crafted habit name, the generated reminder script could run unintended commands under the user’s account.

Why it was flagged

The stored habit name is inserted directly into a bash script that may be run by cron. Because shell metacharacters are not escaped, a crafted habit name containing backticks, $(...), quotes, or semicolons could execute commands when the reminder fires.

Skill content
    script_content = f'''#!/bin/bash
    notify-send "HabitChat" "Time for: {habit["name"]}" --icon=dialog-information
    echo "[$(date -u +%Y-%m-%dT%H:%M:%SZ)] {habit["name"]}: Reminder fired" >> "{REMINDERS_LOG}"
    '''
    script_path.write_text(script_content)
    os.chmod(script_path, 0o755)
Recommendation

Do not enable reminders for habits containing shell metacharacters until fixed. The skill should escape or reject unsafe characters, avoid generating shell scripts from raw habit names, or pass user text through a safe data file/API instead of executable script content.

Note (High Confidence)
ASI10: Rogue Agents
What this means

Scheduled reminders may run later, outside the agent conversation, and disabling a reminder in the skill may still leave behind any cron entry the user added, which has to be removed separately.

Why it was flagged

The reminder feature creates executable scripts and provides cron instructions. This persistence is disclosed and user-activated, but it can continue outside the chat session if the user adds the cron job.

Skill content
    script_path.write_text(script_content)
    os.chmod(script_path, 0o755)
    ...
    "To activate, add a cron job: crontab -e and add:"
Recommendation

Only add cron entries after inspecting the generated script. Use crontab -l / crontab -e to review and remove HabitChat reminder jobs when no longer wanted.

What this means

Habit names and completion history may reveal personal routines or health-related behavior to anyone or any process that can read files in the user account.

Why it was flagged

The skill intentionally keeps persistent local records of habits, completions, streaks, and preferences for future coaching.

Skill content
All habit data is stored in `~/.habitchat/` as JSON files. ... habits.json ... logs.json ... streaks.json ... config.json
Recommendation

Avoid entering highly sensitive habit details if local file exposure is a concern, and review or delete ~/.habitchat/ when you no longer want the data retained.