Value Tracker
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Task descriptions, hours, rates, and notes may remain in the skill directory and appear in reports or JSON exports.
The skill intentionally persists task history locally for later summaries, reports, and exports. This is aligned with the purpose, but users may log sensitive business details.
Tasks are stored in `data.json` in the skill directory. Back it up periodically.
Avoid entering secrets or highly sensitive details, review reports before sharing them, and delete or protect data.json if needed.
Initial summaries, reports, or dashboard exports may include sample or prior data unless the user clears data.json first.
The packaged data file already contains task history and totals. That is not malicious, but it could make a new user's initial ROI summaries or reports look like they contain real user history.
"entries": [ { "timestamp": "2026-01-26T22:05:08.819698", "category": "tech", "task": "integration_setup", "hours": 2.0, "notes": "Toast API" } ... ], "totals": { "hours": 31.75, "tasks": 30 }Before first use, review data.json and reset it to an empty entries list if you want reports to reflect only your own work.