ClawHub

SkillTree Learning Progress Tracker

v1.0.0

Track learning across topics like an RPG skill tree. Prerequisites, milestones, suggested next steps. Gamified learning path.

0· 285·2 current·2 all-time
byShadow Rose@theshadowrose
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, README, and src/skill-tree.js all align: the skill is a local skill-tree tracker that stores progress in a JSON file and provides suggestions/metrics. It does not request unrelated credentials or binaries.
Instruction Scope
SKILL.md instructs local usage and the code reads/writes a local JSON data file (default ./skill-tree.json). There are no instructions to read arbitrary system files, access network endpoints, or exfiltrate data. The disclaimer in SKILL.md matches the implementation claiming local storage only.
Install Mechanism
No install spec; the skill is instruction + a small Node.js module. No downloads, package installs, or archive extraction are present in the bundle.
Credentials
The skill declares no environment variables, credentials, or config paths, and the code only uses the Node fs module to read/write a local path. Requested permissions are proportionate to a local progress tracker.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide configs. It persists only to a user-accessible JSON file (default ./skill-tree.json).
Assessment
This skill appears to do what it says: it stores progress locally in a JSON file (./skill-tree.json by default) and offers suggestions. Before installing or using it: 1) Review or run the src/skill-tree.js code in a sandbox to confirm behavior; 2) Back up any existing ./skill-tree.json (the default filename could overwrite an existing file); 3) Consider running the skill from a dedicated directory or change options.dataFile to a safe path; 4) Note that save errors are silently ignored in the code (catch blocks are empty), so test saving/loading to ensure your data is persisted; 5) No network or credentials are requested, so there is low exfiltration risk—but if you modify the skill, re-review any added network or credential access. Overall, the package is coherent and proportionate to its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

developmentvk979k18ax0d4wkywq054mmy08x82pv0platestvk979k18ax0d4wkywq054mmy08x82pv0plearningvk979k18ax0d4wkywq054mmy08x82pv0pplanningvk979k18ax0d4wkywq054mmy08x82pv0proadmapvk979k18ax0d4wkywq054mmy08x82pv0pskill-treevk979k18ax0d4wkywq054mmy08x82pv0pskillsvk979k18ax0d4wkywq054mmy08x82pv0p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments