ClawHub

Supplement Research

v1.0.0

Evidence-based supplement intelligence powered by the SupStack database (220 supplements, 7,780+ studies, 21 health goals). Use when the user asks about supp...

0· 90·0 current·0 all-time
by@drbaher
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SupStack supplement advisor) matches what is present: a helper script that queries https://supstack.me/api/v1 for supplement info, search, interactions, recommendations, and a research-monitor feature. Required binaries (curl, jq) are exactly what the script uses.
Instruction Scope
SKILL.md instructs the agent to always use the bundled helper script and to consult/save a user profile (templates/profile.md). The agent is expected to read and update user memory/profile (to track meds/stack) and to include supstack.me pageUrl links in replies. These behaviors are consistent with the skill's purpose but do mean the skill will access and persist user profile/medication/stack data — review that you are comfortable with storing this information locally.
Install Mechanism
There is no remote install step in the package (instruction-only plus bundled scripts). The included shell script is local and calls a public API; no downloads from untrusted URLs or archives are present in the manifest.
Credentials
The skill requests no secrets or third-party credentials. The script optionally respects SUPSTACK_STATE_DIR to change its local state directory, but otherwise relies only on the user's HOME for local state. No unrelated env vars or keys are requested.
Persistence & Privilege
always:false (normal). The skill writes local state to ~/.openclaw/workspace/supstack (onboarded flag, monitor.json, seenStudyIds) and includes a cron configuration (cron/research-monitor.json) to run periodic checks. This enables proactive messages (research monitor); that is expected but means the skill can deliver unsolicited research alerts if enabled. It does not modify other skills or system-wide credentials.
Assessment
This skill is internally consistent and appears to do what it says: it queries the SupStack API, returns evidence-backed supplement data, and persists minimal state under ~/.openclaw/workspace/supstack (onboarded flag, research monitor config, seen study IDs). Before enabling: 1) Confirm you trust the external endpoint (https://supstack.me) because the skill makes live network calls; 2) Be aware the skill saves your stack/medications/profile locally for safety checks — don't enable it if you don't want that data stored on the machine; 3) If you don't want proactive updates, don't enable the research monitor cron or disable its cron entry; 4) Inspect the helper script at ~/.openclaw/skills/supstack/scripts/supstack.sh yourself (it's plain shell) to satisfy yourself there are no unexpected network destinations or behaviors. If you want a deeper check, provide the rest of the script (monitor-check and other truncated sections) and I can re-evaluate those parts.

Like a lobster shell, security has layers — review code before you run it.

api-poweredvk976e2rdb1cmhsr5m6qm5cvz8x839psxhealthvk976e2rdb1cmhsr5m6qm5cvz8x839psxlatestvk976e2rdb1cmhsr5m6qm5cvz8x839psxnutritionvk976e2rdb1cmhsr5m6qm5cvz8x839psxresearchvk976e2rdb1cmhsr5m6qm5cvz8x839psxsupplementsvk976e2rdb1cmhsr5m6qm5cvz8x839psxtrackingvk976e2rdb1cmhsr5m6qm5cvz8x839psx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💊 Clawdis
Binscurl, jq

Comments