Security checks across malware telemetry and agentic risk
This skill is not clearly malicious, but it asks an agent to collect and remember very sensitive health and calendar context automatically, with limited user-control guidance.
Review this before installing if you are comfortable giving an agent access to Fulcra health data, calendar context, and persistent health memory. Use it only in a private, trusted environment; avoid group/public channels; set a fixed trusted Fulcra CLI command; and define your own retention, deletion, and opt-in rules for calendar, CGM, nutrition, and conversation-derived health notes.
from fulcra_api.core import FulcraAPI
client = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,from fulcra_api.core import FulcraAPI
api = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,from fulcra_api.core import FulcraAPI
client = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,from fulcra_api.core import FulcraAPI
api = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,from fulcra_api.core import FulcraAPI
api = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,from fulcra_api.core import FulcraAPI
client = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,from fulcra_api.core import FulcraAPI
api = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,def save_state(state):
"""Persist current state for next run's change detection."""
os.makedirs(os.path.dirname(STATE_PATH), exist_ok=True)
with open(STATE_PATH, 'w') as f:
json.dump(state, f, indent=2, default=str)
def diff_insights(current_output, last_state):from fulcra_api.core import FulcraAPI
client = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,from fulcra_api.core import FulcraAPI
api = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,from fulcra_api.core import FulcraAPI
api = FulcraAPI()
cli = shlex.split(os.environ.get("FULCRA_CLI_COMMAND", "uv tool run fulcra-api"))
proc = subprocess.run(
[*cli, "auth", "print-access-token"],
capture_output=True,
text=True,VirusTotal findings are pending for this skill version.