Work Progress Summary Pro
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a benign local work-log tool, but it persistently stores work details and can overwrite or delete logged entries when asked.
Install only if you are comfortable with a local database of your work history under `~/.work_report_summary` by default. Review dates and entry ids before using replace or delete operations, and avoid storing secrets or highly sensitive information in work-log text.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses the wrong date or entry id, a local work log could be overwritten or an entry could be removed.
The skill can intentionally mutate local records, including overwriting a day's report or deleting one entry. This matches the stated purpose and is scoped by date or entry id, but wrong inputs could change or remove stored work-log data.
`replace-day` to overwrite one day's report ... `delete-entry` to remove one existing task by `entry id`
Confirm the target date and entry id before replacement or deletion, and use the history commands to inspect changes if something looks wrong.
Work details may remain available in the local SQLite database and history even after later edits, depending on the command used.
The skill stores user-provided work items persistently and later retrieves them for summaries and history views. This is disclosed and local, but it creates durable memory of work details.
Persist work logs in SQLite ... Persist to `~/.work_report_summary/<db_name>.db` ... track entry history
Do not record passwords, secrets, or sensitive confidential details; keep track of the database location if you need to back it up, inspect it, or remove it.