Back to skill
Skillv1.0.0
ClawScan security
健康追踪 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 28, 2026, 8:48 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, storage, and instructions are consistent with a local health-tracking utility that stores data in a JSON file; nothing requested or instructed appears disproportionate to its stated purpose.
- Guidance
- This skill appears to be a small, local health tracker that saves data to a JSON file (health_data.json) in the agent's working directory. It does not ask for credentials or perform network I/O. Consider where the agent will run: if the agent runs on a shared or cloud-hosted environment, the JSON file will be stored there and could contain personal health information, so you may want to restrict file permissions, move storage to a location you control, or add encryption if necessary. If you need remote sync or backups, add explicit, trusted integrations rather than relying on this simple local storage.
Review Dimensions
- Purpose & Capability
- okName and description (track water, sleep, steps, stats) match the provided Python implementation and the declared JSON storage; no unrelated capabilities or external services are requested.
- Instruction Scope
- okSKILL.md contains only local operations (create/read/write a local health_data.json and compute simple stats). It does not instruct reading unrelated system files, accessing environment variables, or sending data externally.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files executed by the platform. The provided example Python code is simple and local; there are no download URLs or package installs.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. The storage is a single local file (default health_data.json), which is appropriate for the stated functionality.
- Persistence & Privilege
- okThe skill is not forced-always, does not request elevated privileges, and does not modify other skills or system settings. It only writes its own data file in the current working directory.