ClawHub

中文习惯打卡追踪器

v1.0.0

中文习惯打卡追踪器。每日打卡、连续天数、习惯统计。 本地存储,无账户,隐私安全。 当用户说"打卡"、"习惯"、"连续多少天"、"今天完成了吗"时触发。 Keywords: 打卡, 习惯, 追踪, streak, habit, 日签, 坚持.

0· 50·0 current·0 all-time
by@freedompixels
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md usage, and the Python script are consistent: functionality is adding/checking-in/listing habits and generating reports. Required resources (none) are proportional to the stated purpose.
Instruction Scope
SKILL.md instructs running scripts/habits.py with CLI flags — the script only reads/writes ~/.qclaw/workspace/habits.json and prints reports. This stays within scope. Note: the script assumes the ~/.qclaw/workspace directory exists (it does not create it), which is a functional bug rather than a security concern.
Install Mechanism
No install spec (instruction-only plus a Python script). Nothing is downloaded or installed by the skill; lowest installation risk.
Credentials
No environment variables, no credentials, and no config paths outside the local data file. The only file accessed is ~/.qclaw/workspace/habits.json, which matches the privacy-first claim.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills/config. Autonomous invocation is allowed by platform default but the skill's actions remain local and proportional.
Assessment
This skill appears to do what it says: a local habit tracker that stores data in ~/.qclaw/workspace/habits.json and makes no network calls or requests credentials. Before installing or running: (1) inspect the script (you already have it) to confirm no network or secret access — done here; (2) create the workspace directory (mkdir -p ~/.qclaw/workspace) so the script can save data; (3) consider file permissions (chmod 600) or encrypting the file if you plan to store sensitive notes; (4) be aware this is a local-only tool — if you need backups, set up your own backup policy. There are no signs of data exfiltration or unrelated credential access.

Like a lobster shell, security has layers — review code before you run it.

checkinvk971s44n8mb5f9y7erjq2qfkxs84pbpechinesevk971s44n8mb5f9y7erjq2qfkxs84pbpehabitsvk971s44n8mb5f9y7erjq2qfkxs84pbpelatestvk971s44n8mb5f9y7erjq2qfkxs84pbpestreakvk971s44n8mb5f9y7erjq2qfkxs84pbpetrackervk971s44n8mb5f9y7erjq2qfkxs84pbpe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎯 Clawdis

Comments