HZL

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If misused, force or prune commands could permanently delete HZL task history.

Why it was flagged

The CLI includes destructive operations that can erase ledger data, but the skill explicitly labels them as destructive and instructs agents not to run them unless the user asks.

Skill content

`hzl init --force --yes` | **DELETES ALL DATA WITHOUT CONFIRMATION.**

Recommendation

Only allow destructive HZL commands when you intentionally want to delete ledger data, and avoid `--yes` unless you are sure.

What this means

Installing the skill requires trusting the Homebrew or npm package that provides the `hzl` command.

Why it was flagged

The skill relies on installing an external CLI package rather than shipping reviewable code in the artifact set. This is normal for a CLI skill but still means the installed package should be trusted.

Skill content

`brew` | package: `hzl` | creates binaries: `hzl`
`node` | package: `hzl-cli` | creates binaries: `hzl`

Recommendation

Install from the documented package source only if you trust the HZL project and your package manager configuration.

What this means

Future agents may read and act on stored HZL task/checkpoint information.

Why it was flagged

The skill intentionally stores task progress for later reuse. Persistent task/checkpoint content can influence future sessions or agents if it contains sensitive data, stale assumptions, or untrusted instructions.

Skill content

Checkpoint progress so work survives session boundaries

Recommendation

Do not put secrets in HZL tasks or checkpoints, and review stored task state before relying on it for important actions.

What this means

Agents using the same HZL projects may see, claim, or recover work from shared task queues.

Why it was flagged

The skill supports shared project pools, leases, claims, and task stealing for multi-agent coordination. That is purpose-aligned, but shared task pools can expose task context to other participating agents.

Skill content

Coordinate across multiple agents with leases and dependencies

Recommendation

Use separate projects or clear agent IDs for sensitive work, and keep shared tasks limited to information the participating agents should see.