v1.0.0

Quit Vaping

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:52 AM.

Analysis

The skill is a coherent quit-vaping helper, but it asks users to persist sensitive health/addiction data while making strong local-only privacy claims without showing storage, deletion, or retention boundaries.

GuidanceReview carefully before using it for personal health tracking. The skill appears non-executable and purpose-aligned, but only enter quit dates, cravings, triggers, or health details if you are comfortable with unclear persistence; ask for or maintain your own clear delete/reset process.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityLowConfidenceMediumStatusConcern

SKILL.md

All data stays local on your machine... No tracking, no servers, no surveillance

This is a strong privacy assurance for sensitive health data, but the supplied artifacts do not include an implementation, storage path, or declared capability that substantiates how local-only storage is enforced.

User impactUsers may disclose sensitive quit-vaping details based on a privacy promise that is not clearly supported by the artifact set.

RecommendationAvoid absolute privacy claims unless the storage model is documented; state exactly what data is stored, where it is stored, and how users can inspect or delete it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceMediumStatusConcern

SKILL.md

Break nicotine addiction with persistent streak tracking... Log the craving moment to track patterns and triggers

This shows the skill intends to persist sensitive addiction-related information such as quit dates, cravings, and triggers, but the artifacts do not specify storage location, retention, deletion, or reuse boundaries.

User impactPersonal health and addiction data could be retained or reused in ways the user does not clearly understand.

RecommendationDefine where tracking data is stored, require explicit user consent before logging cravings or triggers, and provide clear reset/delete instructions.