Bmi
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Anyone with access to the user's account, backups, or local files may be able to view logged weight, BMI, goals, or related health notes.
Why it was flagged
The skill persistently records fitness and BMI-related activity, which can include sensitive health information even though it remains local.
Skill content
All data is stored locally at `~/.local/share/bmi/`. Each action is logged with timestamps.
Recommendation
Use the skill only for information you are comfortable storing locally, and protect or periodically delete/export the data directory if needed.