Skip to content
← Registry
Trust Report

habit-flow

AI-powered atomic habit tracker with natural language logging, streak tracking, smart reminders, and coaching. Use for creating habits, logging completions naturally ("I meditated today"), viewing progress, and getting personalized coaching.

77
SUSPICIOUS
Format: openclawScanner: v0.7.1Duration: 46msScanned: 3h ago · Apr 9, 1:54 AMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 77AgentVerus SUSPICIOUS 77AgentVerus SUSPICIOUS 77
[![AgentVerus](https://agentverus.ai/api/v1/skill/ad88cbf0-ce28-43d8-b45e-49d31b2b39d7/badge)](https://agentverus.ai/skill/ad88cbf0-ce28-43d8-b45e-49d31b2b39d7)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/ad88cbf0-ce28-43d8-b45e-49d31b2b39d7/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"ad88cbf0-ce28-43d8-b45e-49d31b2b39d7","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/ad88cbf0-ce28-43d8-b45e-49d31b2b39d7/trust

Category Scores

48
Permissions
100
Injection
100
Dependencies
25
Behavioral
75
Content
100
Code Safety

Findings (13)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: Execute

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred file read is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: references/

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://github.com/tralves/habit-flow-skill

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
highCapability contract mismatch: inferred documentation ingestion is not declared-10

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: See [references/

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred package bootstrap is not declared-10

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx tsx

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highLocal file access detected-15

Found local file access pattern: "[references/COMMANDS.md](references/COMMANDS.md)"

**For more visualization options:** See [references/COMMANDS.md](references/COMMANDS.md)

Treat local file browsing as privileged access. Restrict it to explicit user-approved paths and avoid combining it with unrestricted browser/session reuse.

behavioralASST-03
highLocal file access detected (inside code block)-15

Found local file access pattern: "references/"

3. Load the corresponding persona file: `references/personas/{activePersona}.md`

Treat local file browsing as privileged access. Restrict it to explicit user-approved paths and avoid combining it with unrestricted browser/session reuse.

behavioralASST-03
highLocal file access detected (inside code block)-15

Found local file access pattern: "`log_habit.ts`"

**Tip:** Remember to run `log_habit.ts` when logging completions — verbal confirmation alone doesn't persist the data.

Treat local file browsing as privileged access. Restrict it to explicit user-approved paths and avoid combining it with unrestricted browser/session reuse.

behavioralASST-03
highLocal file access detected (inside code block)-15

Found local file access pattern: "scripts/parse_natural_language.ts"

npx tsx scripts/parse_natural_language.ts --text "I meditated today"

Treat local file browsing as privileged access. Restrict it to explicit user-approved paths and avoid combining it with unrestricted browser/session reuse.

behavioralASST-03
highPackage bootstrap execution detected (inside code block)-15

Found package bootstrap execution pattern: "npx tsx"

npx tsx scripts/parse_natural_language.ts --text "I meditated today"

Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04
mediumCapability contract mismatch: inferred file write is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: create data directory

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
lowNo explicit safety boundaries-10

The skill does not include explicit safety boundaries defining what it should NOT do.

No safety boundary patterns found

Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09
infoError handling instructions present

The skill includes error handling instructions for graceful failure.

Error handling patterns detected

Keep these error handling instructions.

contentASST-09