Scan Report
5 /100
habit-tracker-companion
习惯养成打卡助手,连续激励、数据统计、陪你养成好习惯。
This is a documentation-only skill with a single SKILL.md file describing a habit tracker CLI. No code, scripts, or executable content exists in the package.
Safe to install
No action needed. The skill consists solely of a Markdown documentation file describing a habit tracking tool. If this skill is adopted, actual implementation code should be reviewed for security issues before use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ/WRITE | NONE | ✓ Aligned | SKILL.md:40 declares ~/.memory/habits/habits.json but no code exists to verify |
| Network | NONE | NONE | — | No network activity described or present |
| Shell | NONE | NONE | — | No shell commands described beyond python invocation |
| Environment | NONE | NONE | — | No environment variable access described |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation described |
| Clipboard | NONE | NONE | — | No clipboard access described |
| Browser | NONE | NONE | — | No browser access described |
| Database | NONE | NONE | — | No database access described |
File Tree
1 files · 951 B · 44 lines Markdown 1f · 44L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code present — only a Markdown documentation file
✓ No sensitive file access patterns (no ~/.ssh, ~/.aws, .env references)
✓ No network requests, external IPs, or data exfiltration indicators
✓ No obfuscation, base64 encoding, or anti-analysis techniques
✓ No credential harvesting or environment variable enumeration
✓ No remote script execution patterns (curl|bash, wget|sh)
✓ No supply chain risks — no dependency files present
✓ No persistence mechanisms (no cron, startup hooks, backdoors)
✓ All described functionality is benign and within expected scope for a habit tracker