ClawHub

Quit Weed

v1.0.0

Take a tolerance break or quit cannabis with streak tracking and craving support

1· 1.7k·1 current·1 all-time
by@jhillin8
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (streak tracking, craving support, timelines) align with the SKILL.md: no unexpected binaries, credentials, or unrelated dependencies are requested.
!
Instruction Scope
SKILL.md instructs the agent to 'record' start dates, goals, and craving logs but does not specify where or how data is persisted. The claim 'All data stays local on your machine' is not backed by any implementation detail; the instructions are open-ended and could allow the agent/platform to store data remotely.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest installation risk. Nothing is downloaded or written by the skill itself.
Credentials
Skill declares no required environment variables, credentials, or config paths. There is no request for unrelated secrets or system access.
Persistence & Privilege
Skill is not always-enabled and allows normal autonomous invocation. It does request persistent storage of streaks/goals, but provides no mechanism or path; this raises a privacy/implementation question rather than a direct privilege escalation.
What to consider before installing
This skill looks functionally coherent, but it makes a strong privacy claim ('All data stays local') without any code or install instructions to enforce that. Before installing or entering any personal details: (1) Ask the platform/skill provider where and how streaks and craving logs are stored (local file, agent cloud storage, platform database, or third-party), (2) test by creating a dummy streak and checking whether data appears in platform logs or remote storage, (3) avoid entering sensitive personal or health information until you confirm local-only storage, and (4) prefer skills that document exact storage paths or use client-side-only storage mechanisms. If you cannot verify storage location or the vendor's privacy policy, treat the data as potentially accessible to the hosting platform and refrain from logging sensitive details.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fbxg50hjd9z4y6p9t95786n7zw65c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments