Skill v1.2.1

ClawScan security

Healthkit Code Review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 4:13 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is an instruction-only HealthKit code review checklist with matching reference docs and it does not request extra credentials, installs, or unrelated capabilities.
Guidance
This skill appears coherent and low-risk: it is a checklist plus HealthKit reference docs and asks only to read the codebase under review. Before installing, ensure you trust the agent's repository read permissions (it will need to see source files to cite call sites). Also be careful not to feed or paste any real user health data or production secrets into the review prompts — the skill evaluates code, but any sample data you include could contain sensitive health information. Finally, if you want to be extra cautious, run the review on a copy of the code (with secrets/redacted data) rather than on live production files.

Review Dimensions

Purpose & Capability
ok
Name/description, SKILL.md checklist, and the four reference docs all focus on HealthKit review (authorization, queries, background, data types). The skill requests no binaries, env vars, config paths, or installs — which is appropriate for a static code-review helper.
Instruction Scope
ok
Runtime instructions explicitly direct the agent to inspect code (file paths, call sites, handlers) and follow a specific gated review process. The instructions do not ask the agent to read unrelated system files, access environment variables, or transmit findings externally — they stay within the stated review scope. Note: because it asks the agent to cite file paths and call sites, the agent will need read access to the repository under review.
Install Mechanism
ok
No install specification and no code files that execute — this is instruction-only, so nothing will be downloaded or written to disk by an install step.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. There are no extraneous secret requests that would be disproportionate to a code-review task.
Persistence & Privilege
ok
Flags: always=false (not forced), user-invocable=true, disable-model-invocation=false (agent may invoke autonomously, which is the platform default). The skill does not request persistent system presence or modify other skills' configs.