Habit Tracker
Security checks across malware telemetry and agentic risk
Overview
This appears to be a coherent local habit-tracking CLI. The main things to notice are persistent local habit data and optional user-configured cron reminders.
This skill looks safe for local habit tracking. Before installing, be aware that your habit names, logs, and notes are saved locally, and only set up the optional cron jobs if you want automatic reminders or reports.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your habit history and notes will remain on disk in your home directory until you remove them.
The CLI persists habit names, completion logs, and optional notes in local JSON files. This is expected for a habit tracker, but users should recognize that the data may be personal.
```js
const DATA_DIR = path.join(os.homedir(), '.config', 'habit-tracker');
...
const HABITS_FILE = path.join(DATA_DIR, 'habits.json');
const LOGS_FILE = path.join(DATA_DIR, 'logs.json');
```
Use non-sensitive wording for habit notes if privacy matters, and back up or delete ~/.config/habit-tracker when appropriate.
If you configure the cron examples, the tracker may run reminder or report commands automatically on a schedule.
The skill documents optional scheduled execution for reminders and reports. This is disclosed and purpose-aligned, but it can make the tool run periodically if the user adds the cron job.
Add to crontab for hourly reminder checks: `0 * * * * node /path/to/habit-tracker/scripts/habit-cli.js reminder`
Only add the cron entries if you want scheduled reminders, and remove them from crontab when you no longer want automatic checks.
