Skill v1.0.1
ClawScan security
个人健康教练 (Personal Health Coach) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 12, 2026, 10:05 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (daily reminders + weather-aware outfit suggestions) is plausible, but the runtime instructions are underspecified about where weather comes from and how daily reminders are scheduled/delivered, which is an inconsistency you should resolve before installing.
- Guidance: This skill appears to be what it says (a personal health coach), but it's underspecified. Before installing or enabling it, ask or confirm: (1) How will it obtain weather data and do you need to supply location or an API key? (2) How are daily reminders scheduled and delivered — does it need access to your calendar, email, or notification system? (3) Will it store any health or dietary data and where? (4) What integrations or permissions (calendar, SMS, push) will it request at runtime? If you plan to provide sensitive health information, prefer a version that documents its data sources, required permissions, and retention policy. If these questions are unanswered, treat the skill as risky and limit its access (do not give any credentials or system-level permissions).
Review Dimensions
- Purpose & Capability (note): Name and description match the instructions (create reminders, meal plans, morning weather/outfit, evening check-in). However 'weather-aware' implies access to location or a weather API and 'daily reminders' implies scheduling/notification capabilities — none of which are declared (no env vars, no config paths, no install or integrations). This is plausible but incomplete.
- Instruction Scope (concern): SKILL.md is brief and operationally vague: it requires producing fixed daily outputs but does not specify how to obtain weather (user-provided location vs external API), how reminders are delivered or scheduled (push/notifications/calendar/email), nor what permissions or external services are used. The instructions give the agent broad discretion, which can lead to surprising behavior.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — lowest-risk installation surface. Nothing would be written to disk by an installer.
- Credentials (ok): No environment variables, credentials, or config paths requested. There is no apparent attempt to collect unrelated secrets or system-level config.
- Persistence & Privilege (note): 'always' is false and autonomous invocation is allowed (the platform default). The skill promises repeated daily outputs but does not request persistence or scheduling hooks; you should confirm how recurring reminders are implemented and what permissions (calendar, push notifications, device access) the skill requires.
