Value Tracker
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: value-tracker Version: 0.1.0 The OpenClaw AgentSkills skill bundle 'value-tracker' is benign. The `tracker.py` script performs local file operations (reading/writing `data.json` and `config.json`) strictly within its own directory, which is expected for data persistence and configuration. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The `SKILL.md` and `README.md` files contain clear, non-manipulative instructions for the AI agent, focused solely on the skill's stated purpose of tracking value and hours.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Task descriptions, hours, rates, and notes may remain in the skill directory and appear in reports or JSON exports.
The skill intentionally persists task history locally for later summaries, reports, and exports. This is aligned with the purpose, but users may log sensitive business details.
Tasks are stored in `data.json` in the skill directory. Back it up periodically.
Avoid entering secrets or highly sensitive details, review reports before sharing them, and delete or protect data.json if needed.
Initial summaries, reports, or dashboard exports may include sample or prior data unless the user clears data.json first.
The packaged data file already contains task history and totals. That is not malicious, but it could make a new user's initial ROI summaries or reports look like they contain real user history.
"entries": [ { "timestamp": "2026-01-26T22:05:08.819698", "category": "tech", "task": "integration_setup", "hours": 2.0, "notes": "Toast API" } ... ], "totals": { "hours": 31.75, "tasks": 30 }Before first use, review data.json and reset it to an empty entries list if you want reports to reflect only your own work.