Delx Wellness

Advisory

Audited by Static analysis on May 6, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a selected provider connector is installed later, it may access sensitive wellness accounts or tokens.

Why it was flagged

The skill acknowledges that provider connectors may require credentials, while explicitly deferring credential handling away from this registry skill.

Skill content

Do not ask users for OAuth tokens in this repo. Provider credentials belong in each local connector setup.

Recommendation

Only provide credentials through the official local connector setup, verify requested scopes, and avoid pasting secrets directly into chat.

What this means

Running the referenced Node script from an external checkout would execute code that was not reviewed in this artifact set.

Why it was flagged

The skill references an external repository command whose script is not included in the reviewed artifact set; it is documented as a useful command, not auto-executed.

Skill content

Repository: https://github.com/davidmosiah/delx-wellness ... Useful Commands
- `node scripts/collect-growth-metrics.mjs`

Recommendation

Inspect the repository and the script contents before running the command, and only run it if it is relevant to the task.

What this means

Combining wellness connectors may expose or move sensitive activity, nutrition, or health-related data if later connector permissions are broad.

Why it was flagged

The skill is about combining MCP connectors for wellness providers, which can involve sensitive private data, but it includes explicit safety boundaries.

Skill content

Use the Delx Wellness public registry to choose, install, and combine local-first wellness MCP connectors ... Do not print OAuth tokens, API keys, service-account JSON, local token files, or private user data.

Recommendation

Use connection_status, manifest, privacy_audit, and dry-run modes first, and approve any live provider call or write action explicitly.