Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Care
v1.0.0The Autonomous Guardianship & Bio-Optimization Standard. An integrated, proactive health-intelligence layer for the maintenance and enhancement of biological...
⭐ 0· 243·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name and description claim real-time telemetry, diagnostics, automated interventions, and pharmacy orchestration — capabilities that normally require sensor access, cloud services, device drivers, and multiple credentials. The skill declares no required binaries, no env vars, no config paths, and no install steps, which is inconsistent with the stated purpose and suggests either an incomplete/stub skill or an implementation gap.
Instruction Scope
SKILL.md is conceptual and policy-oriented (ethics, CARE_STACK) but contains no concrete runtime instructions, API endpoints, file paths, or commands. The prose is vague and grants broad, undefined scope (e.g., 'Real-time processing', 'automated pharmacy orchestration') without constraints, which would let an agent attempt wide-ranging data collection or integrations if later paired with code.
Install Mechanism
There is no install spec and no code files. That lowers immediate risk because nothing will be written to disk or executed as part of installation. However, being instruction-only also means the skill currently provides no verifiable implementation.
Credentials
The skill requests no environment variables or credentials, yet its claimed features would legitimately require many sensitive credentials (medical device APIs, cloud storage, pharmacy systems, genomic datasets). The absence of declared credentials is a mismatch — either the skill is nonfunctional or it will later require sensitive access not accounted for here.
Persistence & Privilege
always is false and the skill is user-invocable (normal). disable-model-invocation is false so the agent could call the skill autonomously if implemented. That is the platform default and not itself a red flag, but combined with the vague high-privilege purpose it increases the importance of reviewing any future implementation and credential requests.
What to consider before installing
This appears to be a conceptual or placeholder skill rather than a working integration. It makes high-privilege claims (real-time biometric telemetry, diagnostics, pharmacy orchestration) but provides no code, no install steps, and requests no credentials — an incoherence you should not ignore. Before installing or enabling this for any sensitive workflows: 1) ask the publisher for source code, a homepage, and concrete interface docs showing exactly what APIs, binaries, or devices it uses; 2) require a minimal, justified list of environment variables and a clear data-handling / privacy policy (HIPAA/regulatory compliance if applicable); 3) do not grant access to sensors, medical device interfaces, or cloud credentials until you can audit the implementation; and 4) prefer skills hosted on verifiable sources (repo/homepage) and with explicit install instructions rather than high-level prose. If the author cannot provide such details, treat the skill as nonfunctional and avoid using it for real-world health workflows.Like a lobster shell, security has layers — review code before you run it.
carevk97an1g7q2xfwntxknfyymaxwh82ge0vhealthvk97an1g7q2xfwntxknfyymaxwh82ge0vlatestvk97an1g7q2xfwntxknfyymaxwh82ge0vlongevityvk97an1g7q2xfwntxknfyymaxwh82ge0vmedicalvk97an1g7q2xfwntxknfyymaxwh82ge0vwellnessvk97an1g7q2xfwntxknfyymaxwh82ge0v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.