Vocabulary Anti Forgetting
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a benign vocabulary review skill that runs a local Python script and keeps a progress log, with one low-impact path-handling issue to notice.
This skill looks safe for its stated purpose. Before installing, be aware that it runs a local Python script and saves review progress locally. If you want the log in a specific place, set REVIEW_MEMORY_DIR or verify the script's path handling.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will run local Python code to select words, print them, and update progress when invoked.
The skill asks the agent to execute a local Python script. This is disclosed and matches the vocabulary-review purpose, but users should still recognize that installing the skill permits local code execution for the review workflow.
When triggered, run the review script directly: ```bash python vocabulary-anti-forgetting/review.py ```
Use it only if you are comfortable with the included review.py script running locally; no external dependencies or network behavior are shown.
Your vocabulary progress history will be saved locally and reused in future review sessions.
The skill persists a review-history file across sessions. The stored data is limited to vocabulary progress and is purpose-aligned, but it is still persistent user-specific state.
`<workspace>/memory/review_log.md` | Tracks every word's review history, level, and next review date
Install if you are comfortable with a local progress log; delete or back up review_log.md if you want to reset or preserve progress.
The progress log may be written somewhere other than expected, and a same-named review_log.md in the current directory could be overwritten.
Because Path("") resolves to the current directory, the fallback to WORKSPACE_DIR / "memory" may not be used when REVIEW_MEMORY_DIR is unset. This can create or modify review_log.md in the current working directory rather than the documented memory folder.
MEMORY_DIR = Path(os.environ.get("REVIEW_MEMORY_DIR", "")) or WORKSPACE_DIR / "memory"
LOG_PATH = MEMORY_DIR / "review_log.md"Set REVIEW_MEMORY_DIR explicitly or fix the code to use the workspace memory path when the environment variable is absent.