Allergy
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a local allergy/symptom journal with no evidenced network or credential behavior, but it keeps sensitive health logs on disk and its CLI installation is under-specified.
This looks safe to use if you are comfortable keeping allergy and symptom notes in local plaintext files. Before installing, confirm how the `allergy` CLI is provided, and remember that exports and history logs under ~/.local/share/allergy may contain sensitive health information.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your allergen and symptom history may remain on disk and could be read by anyone or any agent process with access to those local files.
The skill intentionally persists allergy and reaction records, which are sensitive personal health data. Local storage is purpose-aligned, but the records remain available for later search, stats, recent activity, and export.
All data is stored locally at `~/.local/share/allergy/`. Each action is logged with timestamps.
Use it only on trusted devices, avoid entering unrelated secrets, and periodically review or delete files under ~/.local/share/allergy if you no longer need them.
You may need to verify how the local command is made available before relying on it.
The artifacts document an `allergy` command and include a Bash script, but the registry does not describe how that command is installed or exposed. This is a packaging clarity issue, not evidence of malicious behavior.
Install specifications: No install spec — this is an instruction-only skill. Code file presence: scripts/script.sh (11037 bytes).
Install or invoke it only through a trusted path from the stated source, and review any wrapper or installer that exposes the `allergy` command.