AI-Cardiac-Rehab
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to the local database file or device backups could see sensitive health information, and incorrect stored entries could affect future recommendations.
The app persistently stores sensitive cardiac health profile data and daily symptom/vital logs, which are later reused to generate advice.
CREATE TABLE IF NOT EXISTS profiles (... heart_disease TEXT, ef INTEGER, ... medications TEXT ...); CREATE TABLE IF NOT EXISTS daily_logs (... symptoms TEXT, hr INTEGER, bp_sys INTEGER, bp_dia INTEGER, exercise_min INTEGER, ... notes TEXT ...)
Use it only on a trusted device, protect or encrypt the local database, avoid entering more health data than needed, and have cardiac rehab plans reviewed by a clinician.
The app may fail to start if users follow only the registry or SKILL.md quick-start instructions.
The runtime requires a SECRET_KEY, but the registry metadata declares no required environment variables; this is an install/documentation gap rather than hidden behavior.
secret_key = os.getenv("SECRET_KEY") ... if not secret_key: ... sys.exit(1)Before running, set a strong SECRET_KEY environment variable and consider updating the skill metadata/quick start to declare it explicitly.