ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiao Goal Tracker

v1.0.0

目标追踪 - 目标设定、进度跟踪、里程碑庆祝

0· 39·0 current·0 all-time
by@kaising-openclaw1
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and README describe a goal-tracking CLI (commands like `clawhub goal set`, progress, milestones) which aligns with the stated purpose. However the runtime assumes an external 'clawhub' CLI is present/installed; that dependency is not declared consistently in the skill registry metadata.
!
Instruction Scope
Runtime instructions tell the agent/user to run `clawhub` CLI commands and the README suggests `npx clawhub@latest install goal-tracker`. The skill provides no install spec or guidance integrated into the registry metadata, so it implicitly requires executing external tool installation (npx/npm) and running a CLI whose behavior and network activity are unspecified.
!
Install Mechanism
There is no formal install spec in the registry. The README suggests using npx (which would download code from the npm ecosystem), and _meta.json lists `curl` in requires, but the registry metadata earlier reported no required binaries — this inconsistency is concerning because it leaves unclear what will be downloaded or executed and from where.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a local goal-tracking CLI. However the included _meta.json lists `curl` as a required binary while registry metadata lists none; no sensitive env vars are requested, but the mismatch in declared runtime tools should be clarified.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only; it does not require elevated persistence or system-wide configuration changes as presented.
What to consider before installing
Proceed with caution. The skill's instructions assume the external 'clawhub' CLI and suggest installing via `npx`, but the package registry metadata lacks a clear install spec and _meta.json contradicts other declared requirements (mentions curl). Before installing or running anything: 1) ask the publisher for the canonical homepage or source repository and verify the publisher identity; 2) inspect the npm package that `npx` would fetch (or prefer installing in a sandbox/container); 3) confirm what the `clawhub` CLI does and whether it communicates over the network or requires credentials; 4) avoid running unverified installers on a production machine. If the author cannot provide a trustworthy source or clear install instructions, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk970akk8jj7ccnjn53ky2macgd85btxn
39downloads
0stars
1versions
Updated 16h ago
v1.0.0
MIT-0
@kaising-openclaw1
latest
Download

Goal Tracker

目标追踪工具,帮助你实现目标。

功能

  • ✅ 目标设定
  • ✅ 进度跟踪
  • ✅ 里程碑庆祝
  • ✅ 提醒通知
  • ✅ 统计报告

使用

# 设定目标
clawhub goal set --title "减肥 10 斤" --deadline "2026-06-01"

# 更新进度
clawhub goal update --id 1 --progress 50

# 查看进度
clawhub goal progress --id 1

# 里程碑
clawhub goal milestone --id 1 --name "完成 50%"

定价

版本价格功能
免费版¥03 个目标
Pro 版¥39无限目标
订阅版¥9/月Pro+ AI 建议

Comments

Loading comments...