Skill v1.0.0

ClawScan security

Family Health Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 11, 2026, 6:36 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (local family health record storage) is plausible and coherent, but it makes a privacy guarantee (
Guidance
This skill appears to do what it says (local family health records) and doesn't request extraneous credentials, but there is a key privacy gap you should consider before installing: the SKILL.md assumes data will stay on your device, but it does not address whether the agent's model invocations are local. If your agent uses a cloud-hosted LLM or any remote API, the prompt/context (including health-data.json contents) may be sent off-device even though the skill intends local-only storage.

Before installing:
1) Verify where the LLM runs (local vs. cloud). If cloud-hosted, do not store highly sensitive items (SSNs, full policy numbers, bank info) and assume data may be transmitted.
2) Confirm the platform's skill data directory is stored privately (encrypted at rest/backups) and restrict file permissions.
3) Consider disabling autonomous invocation or add a user-confirmation step before the skill reads or writes health-data.json.
4) Test with dummy data to ensure the agent's behavior matches your privacy expectations (it should only read/write the skill's data file and not call external endpoints).
5) If you need stronger guarantees for Protected Health Information, prefer a fully local deployment or a solution with explicit on-device-only model execution and documented non-transmission guarantees.

Review Dimensions

Purpose & Capability
note: Name/description match the declared behavior: it stores family health records locally in a JSON file and provides reminders and summaries. It does not request unrelated credentials or binaries. However, the skill assumes the runtime will keep the skill data directory local and private; that assumption is not enforced or qualified in the instructions.
Instruction Scope
concern: SKILL.md instructs the agent to always load and write health-data.json and to merge updates. It does not instruct how or whether to avoid sending that file's contents to remote LLMs/APIs. The trigger guidance ('Use when anyone mentions...') is broad and could cause the agent to read or surface sensitive records more often than users expect. There are explicit rules about not storing SSNs and full policy numbers, which is good, but no technical controls to prevent data leaving the agent's process/context.
Install Mechanism
ok: Instruction-only skill with no install steps, no external downloads, and no code files — low install risk.
Credentials
ok: No environment variables, credentials, or config paths are requested; the scope of access (a single local JSON file in the skill data directory) is proportionate to the described functionality.
Persistence & Privilege
note: Does not request always:true and is user-invocable. However, by default the agent may be invoked autonomously; that means the agent could read/write the local health record without an explicit user prompt if triggered. Consider restricting autonomous invocation or requiring confirmation before reading/writing sensitive records.