Pest & Disease Tracker
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: pest-disease-tracker Version: 1.0.0 The skill bundle is benign. The `pest_tracker.py` script performs local file operations to manage garden pest and disease data, storing it in `~/.openclaw/workspace/pest_tracker_db.json`. A critical security control is implemented in the `export_data` function, which uses `is_safe_path` to strictly validate output file paths, preventing writes to system directories (`/etc`, `/usr`, `/var`) and sensitive user configuration files (`.ssh`, `.bashrc`). The SKILL.md documentation is purely instructional and does not contain any prompt injection attempts or instructions for malicious behavior.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your garden issue and treatment notes may stay on disk and be shown or exported by future uses of the skill.
The script saves user-entered pest, disease, plant, treatment, and notes data in a persistent local JSON file. This is expected for a tracking tool, but it means the data remains available to later invocations.
DB_PATH = Path.home() / ".openclaw" / "workspace" / "pest_tracker_db.json" ... json.dump(db, f, indent=2)
Avoid putting sensitive personal details in tracker notes, and remove the local database if you no longer want the history retained.