GutCheck Digestive Health Tracker

Review

Audited by ClawScan on May 10, 2026.

Overview

The package describes a digestive health tracker, but the provided artifacts mainly point to unreviewed remote installation and include ClawHub publishing commands that are not needed for normal health tracking use.

Install only after reviewing the external GitHub repository and npm dependencies. Do not run the ClawHub publishing script or publishing instructions unless you intentionally want to publish this skill from your own account. Treat any meal, symptom, and health records entered into the app as sensitive data and verify its privacy protections first.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the tracker could execute code and dependency scripts that were not included in this review.

Why it was flagged

The reviewed package does not include the actual app implementation, and SKILL.md points users to clone and install dependencies from an external repository. That remote code and npm install behavior are outside the provided review evidence.

Skill content

"kind": "git", "url": "https://github.com/openclaw/gutcheck.git", "dest": "./gutcheck" ... "command": "cd gutcheck && npm install"

Recommendation

Review the referenced GitHub repository and npm dependency tree before running npm install or starting the app.

What this means

If followed, these instructions could publish or modify a ClawHub skill using the user's account.

Why it was flagged

The documentation asks for ClawHub authentication and skill publication authority. That is a privileged account action and is not needed for a normal user to track digestive health.

Skill content

npx clawhub login ... npx clawhub publish ./gutcheck-skill --slug gutcheck --name "GutCheck Digestive Health Tracker"

Recommendation

Do not run the publishing instructions unless you intend to publish this package and understand the account impact.

What this means

Running the script can perform a public registry action from the user's environment rather than simply launching the health tracker.

Why it was flagged

The included executable script invokes a shell command that publishes to ClawHub. This is unrelated to the tracker runtime and uses external CLI behavior.

Skill content

execSync(`npx clawhub publish ${tempDir} --slug gutcheck --name "GutCheck Digestive Health Tracker" --version 1.0.0 --changelog "Initial release of GutCheck skill"` , { stdio: 'inherit' });

Recommendation

Avoid running publish_gutcheck.js unless you have reviewed it and specifically want to publish the skill.

What this means

Meal logs, symptoms, and derived food sensitivity insights may be stored locally and should be protected like other health data.

Why it was flagged

The application is designed to persist meal and digestive-response data in a database. That is purpose-aligned, but it is sensitive health-related information.

Skill content

MONGODB_URI=mongodb://localhost:27017/gutcheck ... POST /api/diet/add-meal ... GET /api/diet/my-meals

Recommendation

Use a strong JWT secret, protect the database, and avoid entering health information unless you are comfortable with the app's storage model.

What this means

Users may over-trust privacy protections for sensitive health information without confirming how the actual app stores and protects data.

Why it was flagged

The package makes a strong privacy and encryption claim, but the reviewed artifacts do not include the app implementation needed to verify it.

Skill content

Privacy-Focused: All personal health data remains encrypted and under user control, with no sharing with third parties without explicit consent.

Recommendation

Verify the implementation of encryption, access controls, and data sharing behavior before relying on the privacy claim.