Skill v1.0.0

ClawScan security

Self Improving Habit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 10:04 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and instructions match its stated purpose (habit design and local tracking); it operates locally by creating/appending markdown files and includes a simple shell tracker script with no network calls or secret requirements.
Guidance
This skill appears coherent and local-only: it will create and append markdown files under .learnings/habits and includes a shell script (scripts/habit-tracker.sh) to record/check habits. There are no network calls or credential requests. Before installing/using: 1) inspect the script if you want to confirm exact behavior; 2) run it in a directory where creating a .learnings/habits folder is acceptable (or back up existing files with that path); 3) be aware the script has minor portability/logic quirks (some grep/date usages) but nothing indicating malicious intent. If you want extra caution, run the script in a sandbox or review/modify it to suit your environment.

Review Dimensions

Purpose & Capability
ok: Name/description = habit formation. Included assets (templates, SKILL.md logging format) and a local shell script that creates/appends .learnings/habits/*.md are consistent with that purpose. No unrelated credentials, binaries, or external services requested.
Instruction Scope
note: SKILL.md instructs the agent to append to .learnings/habits/* markdown files and to follow templates — this is appropriate for a habit-tracking skill but does require write access to the working directory. No instructions perform network transmission or read unrelated system config. Users should be aware the skill will create/modify files under .learnings/habits.
Install Mechanism
ok: No install spec (instruction-only plus one script). No downloads or package installs. The included shell script is small and runs locally.
Credentials
ok: The skill declares no environment variables, no secrets, and no config paths beyond the local .learnings/habits directory. That is proportional to the stated functionality.
Persistence & Privilege
ok: always is false and the skill is user-invocable. It does not request permanent system-wide privileges or modify other skills. Its persistence is limited to creating/updating local files.