Skill v1.0.0

ClawScan security

Health Guardian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:03 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code broadly matches its stated purpose (import Apple Health exports and detect anomalies) but contains multiple mismatches and omissions that look like sloppy or incomplete engineering rather than outright maliciousness — review before installing.
Guidance
This package appears to implement local import and anomaly detection for Apple Health exports, but several inconsistencies suggest it's incomplete or poorly maintained rather than dangerous. Before installing or scheduling it to run automatically:
1) Manually inspect and (if needed) correct the file paths in scripts/import_health.py to match where your phone/app actually exports data (or update config.json).
2) Note that SKILL.md mentions scripts/summary.py, which is missing; expect to add or implement that functionality if you need it.
3) Run the scripts in a sandbox account or VM first to confirm they only read the intended iCloud folder and write to the skill's data/ directory.
4) If you plan to add alerting channels (Telegram, etc.), implement secure credential handling and audit network calls; the provided code does not send alerts externally.
5) Prefer manual runs until you confirm behavior, and avoid blindly adding the suggested cron job until paths and behavior are verified.
If you want higher assurance, ask the author for the upstream repository (package.json points to a GitHub URL) and check commit history and an upstream release. If you need, I can produce a patch to align the README/config with the import paths and add missing stubs (e.g., summary.py) or help test the scripts in a sandbox.

Review Dimensions

Purpose & Capability
concern: The scripts implement Apple Health import and anomaly detection, which aligns with the description, but there are notable mismatches: SKILL.md instructs users to point at 'iCloud Drive/Health Auto Export' and references Health Auto Export app exports, while import_health.py is hard-coded to a different iCloud path (iCloud~com~ifunography~HealthExport/Documents and an AutoSync subfolder). config.example.json and the SKILL.md example use different data_dir/data_source locations. SKILL.md references scripts/summary.py, but that file is not present. These inconsistencies mean the package as distributed may not operate as the docs claim without manual edits.
Instruction Scope
concern: Runtime instructions ask the agent/user to set up iCloud exports, a cron job, and add health-check text to HEARTBEAT.md — all reasonable for a proactive importer — but the instructions assume files will live in a different path than the importer actually checks. The SKILL.md claims 'Nothing leaves your machine. No cloud. No telemetry.' The provided code contains no network calls or remote endpoints, so that appears accurate. However, the instructions are incomplete/contradictory (missing summary.py, mismatched paths), which could lead users to grant cron/scheduled access and then have the skill read unexpected iCloud folders.
Install Mechanism
ok: There is no install spec or external download. The skill is instruction+script only and ships its Python scripts in the package — no remote installers or networked dependencies were found in the provided files.
Credentials
note: The skill requests no environment variables, credentials, or external tokens. SKILL.md and config.example mention an 'alert_channel' (e.g., telegram), but no code implements sending alerts to Telegram or other external services; this is a functional omission (or a stub) rather than an over-broad credential request. The importer does read iCloud Drive paths and writes local data files under the skill's data/ directory and /tmp; this access is consistent with its purpose but does involve user iCloud files.
Persistence & Privilege
ok: The skill is not always-enabled and does not request special platform privileges. It suggests adding a cron job (user action) for periodic import; that is a user-controlled persistence mechanism rather than an automatic, always-on modification to the agent or system.