Back to skill
Skillv1.0.0
ClawScan security
Mood Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 4:04 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill implements a local, file-based mood tracker that stores data under ~/.moods (or $MOOD_DIR) and its requested footprint matches its stated purpose.
- Guidance
- This script is a local-only mood tracker that creates ~/.moods/moods.json and journal files (or a directory you set with MOOD_DIR). It does not contact external servers or request credentials. Before using: (1) verify you have python3 and a POSIX shell available, (2) inspect the script if you want to be sure it meets your policies, (3) consider setting MOOD_DIR if you prefer the data stored somewhere other than your home directory, and (4) back up or export your data if you need portability. Note the small metadata/instruction inconsistencies (runtime declared as python3 while the script is bash + python snippets) — these are likely harmless but worth correcting.
Review Dimensions
- Purpose & Capability
- noteName/description match the implementation: a local mood tracker. One minor inconsistency: SKILL.md lists runtime: python3 and the script uses python3 for small snippets, but the top-level entrypoint is a bash script — the registry metadata lists no required binaries while the code actually needs a POSIX shell and python3.
- Instruction Scope
- okRuntime instructions and the script operate on local files only (default $HOME/.moods or $MOOD_DIR). The commands read/write JSON and markdown journal files and produce local summaries. There are no network calls, hidden endpoints, or attempts to read unrelated system files. (Minor note: tips.md mentions 'export' but no export command exists in the script.)
- Install Mechanism
- okNo install spec — this is instruction-only with an included script. That is low-risk since nothing is downloaded or installed automatically. The script will execute locally if the user runs it.
- Credentials
- okNo required environment variables or credentials. The script honors an optional MOOD_DIR env var to change the storage location, which is proportionate to its function. No sensitive credentials are requested or used.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request elevated or persistent platform privileges. It only writes its own data under the user's chosen directory and does not modify other skills or system-wide configuration.