Medication Reminder

Security checks across malware telemetry and agentic risk

Overview

This skill stores medication data locally, but its reminder functions are incomplete and one command has unsafe argument handling that could expose local files.

Review this skill carefully before use. It does not appear to provide reliable medication reminders, and its history command should not be given untrusted input. If you use it anyway, treat it as a simple local note log and remember that medication data will be stored on disk.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If an agent passes untrusted text into the history command, the script may read and print files outside the medication reminder data directory.

Why it was flagged

The history argument is not validated as a number and is expanded unquoted into a shell command, so crafted input can be treated as tail options or additional file paths rather than only a day count.

Skill content
tail -${2:-20} $DATA_DIR/intake.jsonl 2>/dev/null
Recommendation

Validate the history value as a bounded integer, quote variables, and use a safe form such as `tail -n "$days" -- "$DATA_DIR/intake.jsonl"`.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

A user could mistakenly rely on this skill for medication reminders even though the provided implementation does not appear to perform that function.

Why it was flagged

The advertised schedule and due-dose commands do not actually calculate or display medication schedules or due reminders.

Skill content
cmd_schedule() {
    echo 'Current medication schedule:'
}

cmd_due() {
    echo 'Medications due now:'
}
Recommendation

Treat this as an incomplete local log, not a reliable medication reminder, unless the developer implements real schedule and due-dose logic and clearly documents limitations.

ASI06: Memory and Context Poisoning
Low
What this means

Anyone with access to the local user account or backups may be able to view the stored medication history.

Why it was flagged

Medication names, doses, schedules, and intake history are sensitive health information and are persisted locally across invocations.

Skill content
Data stored in `~/.local/share/medication-reminder/`.
Recommendation

Use this only on trusted devices, avoid entering unnecessary sensitive details, and remove the data directory if you no longer want the records stored.