ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill

v1.0.0

Streams Apple Health data via a local webhook server to enable AI analysis, recovery scores, anomaly alerts, and health trend queries.

0· 68·0 current·0 all-time
by@crxiaobailiu-gif
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and SKILL.md consistently describe a self-hosted webhook to receive Apple Health data, compute recovery scores and alerts, and integrate with notification channels. Those capabilities are coherent with the instructions to run a local server and set up crons. However, the skill does not declare environment variables or credentials that the runtime instructions clearly require (e.g., ADMIN_TOKEN for admin endpoints and credentials/webhooks for Discord notifications), which is an omission that reduces coherence between 'what it says' and 'what it needs to work'.
!
Instruction Scope
The SKILL.md instructs the agent/user to run a webhook server via 'npx healthclaw-webhook-server', create public URLs (Tailscale/Cloudflare/ngrok), generate pairing tokens, create admin users, and write an append-only health-data.jsonl in the user's Application Support directory. These actions will collect and persist highly sensitive personal health data and expose an admin API over the network. The instructions also expect the agent to send alerts via Discord, but do not define how to provide the required notification credentials. The scope (reading/writing health data, issuing pairing tokens, exposing an admin API) is powerful and requires careful access controls; that scope is aligned with the stated purpose but the docs give broad discretion (expose to internet, persist tokens) without mandatory safety steps.
!
Install Mechanism
There is no install spec; instead SKILL.md recommends running 'npx healthclaw-webhook-server'. npx will fetch and execute code from the npm registry at run time, which is effectively a network download and remote code execution step. Because the registry package/source is not bundled or audited here, this raises risk: the agent/host will execute third-party code without an explicit, verifiable install artifact in the skill bundle. The skill.json homepage points to a GitHub repo (helpful), but the skill metadata does not pin or vendor the server binary, nor does it instruct users to inspect or pin the package version before running.
!
Credentials
The skill.json declares no required env vars, and requires.env is empty, but the SKILL.md references optional and configuration environment variables (PORT, HEALTHCLAW_DATA_DIR, ADMIN_TOKEN) as well as many ALERT_* and RECOVERY_* variables and expects notification through Discord. The runtime instructions implicitly require admin tokens and notification credentials (or webhooks) that are not declared by the skill manifest. The omission makes it unclear what secrets the agent will need and where they should be provided; asking the agent to send messages (Discord) without declaring the credential is a meaningful mismatch.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configurations. It does instruct running a long-running service (suggests LaunchAgent/systemd) and adding cron jobs that run automatically and can send alerts externally. Autonomous agent invocation (default) combined with scheduled crons means the agent can periodically process and transmit sensitive data — this is expected for the use case but increases privacy risk. No special platform privileges are requested in the manifest.
What to consider before installing
Key things to consider before installing: - Sensitive data: this skill collects and stores Apple Health data (PHI). Only run it if you accept storing those records locally and exposing a network endpoint. - Verify the server package before running: SKILL.md tells you to run `npx healthclaw-webhook-server` (dynamic download/execution). Inspect and pin the npm package (or build from the referenced GitHub repo) before running to avoid executing unexpected code. - Provide and protect admin and notification credentials: SKILL.md uses ADMIN_TOKEN and expects Discord notifications but the manifest doesn't declare these. Decide how you will supply an admin token and how notifications will authenticate (Discord webhook/token) and store those secrets safely. - Prefer a private tunnel: if you must expose the server, prefer Tailscale Funnel or a vetted Cloudflare Tunnel, restrict access, and avoid making the endpoint publicly discoverable. Use strong ADMIN_TOKEN, restrict allowed origins, and firewall unused ports. - Least privilege for notifications: create a dedicated Discord webhook/account with minimal permissions rather than exposing broad personal credentials. - Audit and sandbox: run the server in a constrained account or container, review logs, and limit where the health-data.jsonl file is stored and backed up. Rotate tokens if you suspect exposure. If you want a safer setup: obtain the server source (GitHub repo), review the code or build a pinned release, provide explicit env vars for tokens, and avoid public exposure unless absolutely necessary.

Like a lobster shell, security has layers — review code before you run it.

latestvk979qcha8bxycre4t4y69t4w5d838jzb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments