Kaizen

Security checks across malware telemetry and agentic risk

Overview

This looks benign: it does not use credentials or network access. However, its documentation and helper script do not fully match, and the helper stores any entries you add locally.

This skill is reasonable to install if you understand it is a local Kaizen tracker/reference helper, not just static guidance. Before using it, note that the documented commands do not match the script exactly, and do not enter sensitive information unless you are comfortable with it being stored in ~/.kaizen.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Info
What this means

Users may expect a reference guide command but instead find a local note-tracking CLI that stores entries.

Why it was flagged

The included helper is a local tracker command set, while SKILL.md describes reference commands such as intro, event, pdca, and gemba. This is a documentation/package coherence issue rather than evidence of harmful behavior.

Skill content
kaizen v$VERSION -- Kaizen continuous improvement tracker

Commands:
  status
  add
  list
  search
  remove
  export
  stats
  config

Recommendation

Review the helper's actual commands before use, and update the documentation or invoke only the commands the script really supports.

ASI06: Memory and Context Poisoning
Low
What this means

Anything entered into the tracker can remain on disk and may be visible in later list/search/export operations.

Why it was flagged

The helper persists user-provided entries in a local JSONL file under ~/.kaizen by default, and later commands can list, search, remove, or export that data.

Skill content
DATA_DIR="${KAIZEN_DIR:-$HOME/.kaizen}"
...
printf '{"ts":"%s","cmd":"%s","val":"%s"}\n' "$ts" "$cmd" "$val" >> "$DATA_DIR/data.jsonl"

Recommendation

Avoid storing sensitive business or personal information unless local persistence is intended; set KAIZEN_DIR to a controlled location or delete ~/.kaizen when no longer needed.