Health Git
v1.0.0Implements Git-like workflow for health tracking, allowing users to log data, submit intervention plans for expert review, and audit health events.
⭐ 0· 226·0 current·0 all-time
by@erinyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The SKILL.md describes a local 'health-git' service (Git-like workflow for health logs) and all instructions (start uvicorn, seed data, curl the API) are consistent with that purpose. Minor mismatch: the registry lists no required env vars but the docs show optional ENV vars (HEALTH_GIT_BASE_URL, AUTH_ENABLED, CONSUMER_API_KEY, REVIEWER_API_KEY). That's reasonable for an example but should be noted.
Instruction Scope
Instructions are limited to starting a local web service and calling its REST endpoints on http://localhost:8090. They do not instruct reading unrelated system files or exfiltrating data to external hosts. Example curl requests include x-api-key headers and rule updates; these are appropriate for the described functionality.
Install Mechanism
No install spec and no code files are bundled; SKILL.md tells the user how to install dependencies and run a project they must provide. This is low-risk from the skill package perspective (nothing is written by the platform).
Credentials
The skill itself does not declare required credentials, but the runtime examples show optional API keys and an AUTH_ENABLED flag. Requesting API keys for consumer/reviewer roles is proportionate to the service's auth model. Important: the default instructions indicate authentication is off by default—this is a security/privacy risk if run in non-local or network-exposed environments.
Persistence & Privilege
The skill does not request persistent privileges (always:false) and does not modify other skills or global agent settings. Autonomous invocation is allowed by platform defaults but the skill's instructions are limited to local API interactions.
Assessment
This skill is an instructions document for running and using a local 'health-git' service — it does not include code in the package, so you must provide or obtain the actual project code before the commands will work. Before running: 1) Verify the service source (there's no homepage/source link provided). 2) Only run the server on localhost or behind proper network controls; do not expose it publicly. 3) Enable authentication (AUTH_ENABLED=true) and configure strong, unique API keys for CONSUMER_API_KEY and REVIEWER_API_KEY before putting any real patient data into the system. 4) Review and audit any rule changes (e.g., MEDICATION_CHANGE_REVIEW keywords) because they affect clinical workflow and safety. 5) Treat any stored data as potentially protected health information — use appropriate encryption, access controls, and comply with relevant regulations. 6) If you will run third-party code (pip install / uvicorn), inspect that code or run it in an isolated/test environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk9779mn6tq17qybx5fgk9xvhqh82ad9w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.