Habit Tracker

Pass
Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: pearl-habit-tracker
Version: 1.0.0

The habit-tracker skill is a standard CLI tool for managing personal habits and logs. The core logic in scripts/habit-cli.js performs local file operations within a dedicated configuration directory (~/.config/habit-tracker) and lacks any network activity, credential access, or dangerous execution patterns like eval or exec. The documentation in SKILL.md accurately reflects the code's functionality without any malicious prompt injection attempts.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Habit names, completion history, and notes will remain on the device and may reveal private routines if the account or files are accessed by others.

Why it was flagged

The CLI persists habit definitions and logs in local JSON files, which is expected for a habit tracker but can store personal routines and notes across sessions.

Skill content

const DATA_DIR = path.join(os.homedir(), '.config', 'habit-tracker');
const HABITS_FILE = path.join(DATA_DIR, 'habits.json');
const LOGS_FILE = path.join(DATA_DIR, 'logs.json');

Recommendation

Avoid entering highly sensitive notes, and periodically review or delete the files in ~/.config/habit-tracker/ if you no longer want the data retained.

Note (High Confidence)
ASI10: Rogue Agents

What this means

If you configure the cron examples, the tool may run reminder or report commands automatically on a schedule.

Why it was flagged

The documentation suggests optional cron-based scheduling, which is disclosed and purpose-aligned but would continue running until the user removes the cron entry.

Skill content

Add to crontab for hourly reminder checks:

0 * * * * node /path/to/habit-tracker/scripts/habit-cli.js reminder

Recommendation

Only add the cron jobs if you want scheduled reminders, and remove the crontab entries when you stop using the skill.

What this means

You have less external information to verify the publisher or update history before installing.

Why it was flagged

The registry metadata does not provide an external source repository or homepage for provenance checking, though the included package has no dependencies and the static scan is clean.

Skill content

Source: unknown
Homepage: none

Recommendation

Review the included files and publisher information before installing, especially if you rely on this skill for long-term personal tracking.