Safety Report

GHIN Golf Tracker

Name: GHIN Golf Tracker
Rating: 5 (1 reviews)
Author: pfrederiksen

Analyzes local GHIN golf JSON data to report handicap trends, scoring patterns, course stats, and yearly performance without external connections.

268Downloads

0Installs

1Stars

5Versions

Networking & DNS1,102 Education & Learning489

Security Analysis

medium confidence

Clean0.04 risk

The skill's code, docs, and runtime instructions are consistent with a local-only GHIN JSON analyzer and do not request credentials or network access, but verify the source/repo before installing.

Feb 23, 20263 files1 concern

Purpose & Capabilityok

Name/description promise (local analysis of GHIN JSON) matches the files and code: the Python script reads a JSON file, computes statistics, and outputs text/JSON. There are no unrelated required binaries or environment variables.

Instruction Scopeok

SKILL.md and README restrict operation to reading a single .json file and producing analysis. The script enforces a .json suffix and validates expected keys. The docs explicitly deny network/subprocess/file-write behavior and the code shown adheres to that scope.

Install Mechanismnote

This is an instruction-only skill (no install spec). README suggests installing via 'clawhub' or cloning a GitHub repo (https://github.com/pfrederiksen/ghin-golf-tracker). Because the registry 'Source' is unknown and homepage is empty, confirm the canonical repository and install source before running.

Credentialsok

The skill requests no environment variables, no credentials, and no config paths. The README warns that data collection (not included) may require credentials — which is appropriate and kept separate from this skill.

Persistence & Privilegeok

The skill does not request 'always: true' or other elevated persistence. It does not attempt to modify other skills or system settings; it is a simple local analyzer.

Guidance

This skill appears to do exactly what it claims: analyze a locally-provided GHIN JSON file with no network or credential usage. Before installing or running it: 1) verify the repository/source (README references a GitHub repo) to ensure you obtained the unmodified code from a trusted location, 2) inspect the entire scripts/ghin_stats.py file (the provided extract looked consistent, but confirm the truncated tail contains no network or file-write operations), 3) do not give your GHIN credentials to any other skill or agent that would perform data collection; if you must use automated scraping, prefer manual exports or use trusted tooling in an isolated environment, and 4) run the script on sample data or in a sandbox if you are unsure. If you want higher assurance, provide the full script content (untruncated) so it can be re-reviewed.

Latest Release

v1.3.0

Remove browser automation code examples to maintain true credential-free design

More by @pfrederiksen

Email Intelligence

2 stars

Synology Backup

2 stars

Photo Captions

2 stars

Shipment Tracker

1 stars

Arccos Golf Performance Analyzer

1 stars

OpenClaw Cost Tracker

1 stars

Published by @pfrederiksen on ClawHub