ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Diet Tracker

v1.2.0

Tracks daily diet and calculates nutrition information to help achieve weight loss goals. Use when user provides meal information, asks about calorie intake,...

5· 2.7k·7 current·7 all-time
byYonghao Zhao@yonghaozhao722
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description match the core functionality (logging diet, calculating nutrition). However, the shipped code performs additional actions (copying logs to an Obsidian vault and attempting to push the vault to GitHub) that are not documented in SKILL.md and are not necessary for the stated purpose. The code also hardcodes absolute paths under /root/clawd which may be unexpected.
!
Instruction Scope
SKILL.md describes reading USER.md and updating daily memory files (expected). The runtime scripts in the package read/write files at /root/clawd/..., copy to an obsidian-vault path, and run git add/commit/push — these network/persistence steps are not described in SKILL.md (scope creep). The scripts also call an external nutrition API (api.nal.usda.gov) which is reasonable but not fully documented (demo API key used).
Install Mechanism
No install spec or remote downloads; this is an instruction-and-scripts package only. No additional packages are installed by the skill itself. Risk from install mechanism is low.
!
Credentials
The skill declares no required environment variables or credentials, but the code will use any existing Git configuration/credentials on the host to push data to a remote repository. It also reads USER.md (personal profile data) and will persist logs to disk. Requesting no credentials while attempting network pushes is a mismatch and can lead to unintended data exfiltration via existing host credentials.
!
Persistence & Privilege
The scripts persist data under /root/clawd/memory and copy files into /root/clawd/obsidian-vault. They then attempt to commit and push the obsidian-vault to the remote 'origin' branch — this gives the skill the ability to transmit recorded personal data to a remote Git host whenever git credentials are available. The skill does not request explicit user approval for these actions in SKILL.md.
What to consider before installing
Before installing or enabling this skill: (1) Inspect or run the included Python scripts yourself—pay special attention to update_memory.py lines that copy files and call git. (2) If you do not want your logs uploaded, remove or disable the git subprocess calls and the obsidian-vault copy. (3) Be aware the scripts read /root/clawd/USER.md (contains personal info) and write /root/clawd/memory/*.md; ensure those paths and contents are acceptable. (4) If the host has Git credentials configured, the skill could push your diet logs to the remote repository — either remove git remotes or sandbox the skill (no network) or run only after modifying the code to remove pushes. (5) If you are unsure, treat this as untrusted: do not give it persistent access to sensitive files or credentials and test in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

dietvk97aevwa8pjjnae02cwvp31v3581hn4rhealthvk97aevwa8pjjnae02cwvp31v3581hn4rlatestvk9744htfmrsp7b0cdd2ttwv6d581hez7nutritionvk97aevwa8pjjnae02cwvp31v3581hn4rtrackingvk97aevwa8pjjnae02cwvp31v3581hn4r
2.7kdownloads
5stars
5versions
Updated 8h ago
v1.2.0
MIT-0
Yonghao Zhao@yonghaozhao722
diethealthlatestnutritiontracking
Download

Diet Tracker

This skill helps track daily diet and achieve weight loss goals with automated meal reminders.

Trigger Conditions

User might say:

  • "I had [food] for lunch/dinner"
  • "What's my remaining calorie budget?"
  • "How many calories have I eaten today?"
  • "Log my meal"
  • "Check my diet progress"

Or automatically triggered by cron job for meal reminders.

Cron Job Integration

This skill works with automated cron jobs:

  • Lunch reminder: ~12:30 (checks if lunch logged, sends reminder if not)
  • Dinner reminder: ~18:00 (checks if dinner logged, sends reminder if not)

Cron job system event: 饮食记录检查:午餐 or 饮食记录检查:晚餐

User Profile (Required)

The skill reads from USER.md:

  • Daily calorie target (default: 1650 kcal)
  • Macronutrient targets (protein/carbs/fat)
  • Height, weight, age, gender, activity level (for TDEE calculation)

Activity levels:

  • Sedentary (little or no exercise)
  • Lightly active (light exercise 1-3 days/week)
  • Moderately active (moderate exercise 3-5 days/week)
  • Very active (hard exercise 6-7 days/week)
  • Extra active (very hard exercise + physical job)

Workflow

When User Logs a Meal:

  1. Identify food items from user's description
  2. Fetch nutrition data via scripts/get_food_nutrition.py
    • MUST GET: calories(kcal), protein(g), carbs(g), fat(g)
    • Searches web for calorie/protein/carbs/fat info
    • Falls back to references/food_database.json if needed
    • If complete nutrition data cannot be found, MUST clearly inform user of estimated values
  3. Update daily log via scripts/update_memory.py
    • Saves to memory/YYYY-MM-DD.md
    • RECORD FORMAT: Food Name - XX kcal (P: XXg, C: XXg, F: XXg)
    • Calculates meal totals
    • Updates daily running totals
  4. Report to user:
    • MUST REPORT: calories + protein/carbs/fat grams
    • Today's consumed / remaining calories
    • MUST REPORT: Remaining macronutrient budgets
    • Predicted weight change based on deficit/surplus

When User Asks for Status:

  1. Read current day's memory file
  2. Calculate totals consumed
  3. Report:
    • Remaining calorie budget
    • Remaining protein/carbs/fat (if targets set)
    • Weight change prediction

Scripts

  • scripts/get_food_nutrition.py: Fetches nutrition info + calculates TDEE
  • scripts/update_memory.py: Updates daily memory file with meal data
  • references/food_database.json: Fallback database of common foods

Error Handling

Common Issues

Issue: "Cannot read USER.md" or missing user data

  • Cause: User profile not configured
  • Solution: Ask user for height, weight, age, gender, activity level, and calorie target

Issue: Nutrition lookup fails for uncommon foods

  • Cause: Food not found in online databases
  • Solution: Ask user for approximate calorie count or use similar food from database

Issue: Multiple food items in one meal

  • Cause: User says "I had pizza, salad, and coke"
  • Solution: Process each item separately, sum the nutrition values

Data Format

Daily Memory Entry (memory/YYYY-MM-DD.md)

REQUIRED FORMAT — Must include calories + macronutrients:

## Diet Log

**Breakfast**: [food] - [X] kcal (P: [X]g, C: [X]g, F: [X]g)
**Lunch**: [food] - [X] kcal (P: [X]g, C: [X]g, F: [X]g)
**Dinner**: [food] - [X] kcal (P: [X]g, C: [X]g, F: [X]g)

**Daily Total**: [X] / [target] kcal
- Protein: [X] / [target]g (remaining: [X]g)
- Carbs: [X] / [target]g (remaining: [X]g)
- Fat: [X] / [target]g (remaining: [X]g)
**Predicted weight change**: [-/+ X] kg

⚠️ Strictly prohibited to record only calories while omitting macronutrient grams!

Progressive Disclosure

  • Level 1 (frontmatter): Skill activation criteria
  • Level 2 (SKILL.md): Full workflow instructions (this file)
  • Level 3 (references/): Food database and nutrition guidelines

Comments

Loading comments...