Mental Health
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a local mental-health helper, but it has a misleading mood-scoring flow and stores sensitive wellness logs persistently without a clear working deletion path.
Use caution before installing. The skill does not show network exfiltration or credential use, but mental-health entries may be saved locally, and the mood self-check scoring should not be relied on for clinical judgment. If you use it, avoid entering highly sensitive details unless you know where the files are stored and how to delete them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who follows the questionnaire could be told their state is good even when the earlier scale suggests they may need support.
The script first presents a depression-style 0-27 total score where 8 indicates symptoms, then tells users to run check 8, but the code interprets 8 as a good 8/10 mood score.
总分: 0-4 无/极轻 5-9 轻度 10-14 中度 15-27 重度 ... 例如: bash mental.sh check 8 ... if [ "$score" -ge 8 ]; then ... 状态评估: 良好
Separate the 1-10 mood check from the 0-27 questionnaire, validate inputs, and avoid giving reassuring assessments for clinical-style scores unless the scale is handled correctly.
Sensitive mental-health or wellness entries may remain on the device longer than expected and may be displayed later through history/export commands.
User-entered wellness data is written to persistent local logs and can be exported, but the reset function only prints instructions and does not delete the stored data.
DATA_DIR="${MENTAL_HEALTH_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/mental-health}" ... cmd_log() { echo "$(date +%Y-%m-%d) $*" >> "$DB"; ... } ... cmd_export() { [ -f "$DB" ] && cat "$DB" || echo "No data" } ... cmd_reset() { echo " Use: reset --confirm to clear data"Clearly disclose local storage in SKILL.md, document the exact file paths, implement a real confirmed delete/reset command, and minimize automatic command-history logging.
There is no evidence of malicious installation behavior, but the runnable path is ambiguous.
The package is described as instruction-only while also shipping shell scripts and documenting a mental-health command, so users should verify how the command is installed or invoked.
No install spec — this is an instruction-only skill.
Add an explicit install/entrypoint declaration or clarify that the scripts are optional examples.