health-reasoner
PassAudited by ClawScan on May 9, 2026.
Overview
The skill appears to be a local health-habit scoring tool, with only optional local history storage and optional Flask API setup to review.
This looks safe for local use, but treat any entered health information and optional history files as private. Do not run API mode unless you need it, and install Flask only if you are comfortable adding that dependency.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you enable history, health-related scores and risk details may remain on disk and should be treated as private.
The tool processes health-related profile fields and can persist assessment history when a history file is configured.
medical_history: List[str] = None ... if not self.history_file: return ... json.dump(self.history, f, indent=2, ensure_ascii=False)
Use the history option only when you want local tracking, store the file in a private location, and delete it when no longer needed.
Running the setup script and choosing API support will install a third-party package from pip.
The setup script optionally installs Flask without a pinned version, which is a normal but noticeable package-supply-chain choice for API mode.
read -p "是否安装 Flask 以启用 API 服务? (y/N): " ... pip3 install flask
Only install Flask if you need API mode, and consider pinning or reviewing the package version in controlled environments.