ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Goal Tracker Pro

v1.0.0

目标追踪专业版 - 目标设定、进度追踪、里程碑庆祝

0· 48·1 current·1 all-time
by@kaising-openclaw1
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a goal-tracking helper and the SKILL.md commands (clawhub goal ...) align with that purpose, but the package metadata and README disagree about required tools: the registry listing shows no required binaries, _meta.json lists curl, README suggests installing via `npx clawhub@latest`, and the instructions expect a 'clawhub' CLI. Those mismatches mean the runtime requirements are unclear and possibly incomplete.
Instruction Scope
SKILL.md only instructs use of a CLI to set/update/view goals and create milestones — scope is limited to goal-tracking. It does not request reading unrelated files or secrets. However it presumes the presence of an external CLI ('clawhub') with no declared install or provenance, which expands the effective scope depending on that CLI's behavior.
!
Install Mechanism
There is no formal install spec in the registry (instruction-only), but README recommends `npx clawhub@latest install goal-tracker-pro` which would fetch code from npm at runtime. That introduces moderate risk because the skill gives no guarantees about the source, and _meta.json's 'requires': ['curl'] further contradicts the declared lack of requirements.
Credentials
The skill does not request any environment variables, credentials, or config paths; SKILL.md doesn't reference secrets. From the files provided there is no evidence it asks for disproportionate access to credentials or other environments.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (defaults). It does not request persistent privileges or claim to modify other skills or global agent settings.
What to consider before installing
This skill appears to do what it says (goal tracking), but there are inconsistencies you should resolve before installing or running anything: 1) The SKILL.md expects a 'clawhub' CLI but the registry didn't declare it — confirm whether you already have a trusted 'clawhub' binary and what version is required. 2) The README suggests installing via `npx clawhub@latest`, which will fetch code from npm — only run that if you trust the package and its author; inspect the npm package first. 3) _meta.json lists 'curl' as required even though the registry shows no binaries; ask the publisher to clarify exact runtime requirements and provide a canonical install method. If you can't verify the source or inspect the npm package, avoid running npx or unknown CLI commands and prefer skills with explicit install specs and declared dependencies.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fnv3s1g5dan0pw6g1d768k9851m9k
48downloads
0stars
1versions
Updated 5d ago
v1.0.0
MIT-0
@kaising-openclaw1
latest
Download

Goal Tracker Pro

目标追踪专业版工具,帮你实现人生目标。

功能

  • ✅ 目标设定
  • ✅ 进度追踪
  • ✅ 里程碑庆祝
  • ✅ 数据分析
  • ✅ 社交分享

使用

# 设定目标
clawhub goal set --title "减肥 10 斤" --deadline "2026-06-01"

# 更新进度
clawhub goal update --id 1 --progress 50

# 查看进度
clawhub goal progress --id 1

# 里程碑
clawhub goal milestone --id 1 --name "完成 50%"

定价

版本价格功能
免费版¥03 个目标
Pro 版¥49无限目标
订阅版¥12/月Pro+ AI 建议

Comments

Loading comments...