ClawHub

Goal Tracker

v1.0.0

Track and log progress on long-term goals with daily updates, milestone marking, MRR tracking, and weekly summaries.

1· 1.5k·28 current·28 all-time
by@alti-systems
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/intent (goal tracking) aligns with the commands and data files described. However the skill assumes the presence of executables at absolute paths under /root/clawd rather than shipping its own code or a clear install — that's plausible for a wrapper around a local tracker but is unusual for a registry skill with no provenance or description.
!
Instruction Scope
SKILL.md instructs the agent to execute specific binaries at /root/clawd/tracker and /root/clawd/goal-tracker/generate-dashboard and to read/write data files (data/*.json, index.html). Those instructions stay within the stated purpose, but reference an absolute root path. Because the skill provides no code, those binaries are external and could perform arbitrary actions beyond goal-tracking (accessing system files, network, credentials). The instructions give the agent direct permission to run them without constraints.
Install Mechanism
No install spec and no code files are provided (instruction-only). This minimizes the skill writing code to disk, but it increases reliance on pre-existing local binaries — a different risk model rather than a direct install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate for the claimed functionality. The remaining concern is that it will call local binaries which could themselves access secrets — but the skill manifest does not request them directly.
Persistence & Privilege
always is false and autonomous invocation is allowed (the platform default). The skill does not request to modify other skills or system-wide agent settings. No extra persistence privileges are declared.
What to consider before installing
This skill is instruction-only and expects existing binaries at /root/clawd/tracker and related paths. Before installing or enabling it: (1) verify the origin and contents of the /root/clawd binaries and generate-dashboard script — run them in a safe sandbox or inspect their code; (2) confirm they only access files under the skill directory and don't exfiltrate data or read unrelated system credentials; (3) prefer a skill that ships its own code or a documented install process from a known source; (4) if you must use it, run under a low-privilege account or container and monitor network/file activity. If you can provide the actual /root/clawd/tracker binary or its source, I can re-evaluate and likely raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk972nk8np02pqj1bbch51a813x80vyq4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments