Health Git

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and not obviously malicious, but it can write health records, approve health-intervention plans, and change safety rules while authentication is disabled by default.

Use this only with a trusted local Health Git service. Before using real health data, enable authentication, replace example keys, separate patient/reviewer/admin permissions, require human confirmation for PR reviews and rule changes, and verify the service code and data-retention behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken or unauthorized assistant action could approve a health plan or alter medication/adherence safety checks for future reviews.

Why it was flagged

These endpoints let the assistant approve or reject health-intervention PRs and modify configurable safety rules. The artifact gives direct curl workflows but does not define confirmation, role checks, or rollback requirements for these high-impact changes.

Skill content

`Review PR | POST | /api/prs/{pr_id}/review` ... `Update check rule | PATCH | /api/rules/{rule_id}`

Recommendation

Require explicit user confirmation for reviews and rule changes, enforce server-side role checks, and keep a clear rollback/audit process for safety-rule edits.

ASI03: Identity and Privilege Abuse
Medium
What this means

If the local service is reachable without authentication, anyone or any process with access could perform reviewer actions or mutate health workflow state.

Why it was flagged

Reviewer-like authority is represented by an API key, but authentication is documented as off by default. This creates an unclear permission boundary for expert review actions and safety configuration changes.

Skill content

`-H "x-api-key: reviewer-key"` ... `Authentication is disabled by default; in production, set AUTH_ENABLED=true and configure an API key`

Recommendation

Enable authentication before using real data, use separate patient/reviewer/admin keys, avoid default example keys, and declare required credentials clearly.

ASI06: Memory and Context Poisoning
Low
What this means

Real health data may remain in the service database and could be reused for analytics or model-training signals unless the implementation limits retention and access.

Why it was flagged

The workflow stores personal health check-ins and audit events, and metrics may be reused as training signals. This is purpose-aligned, but it is sensitive persistent data.

Skill content

`Record daily diet, exercise, and medication check-ins` ... `All operations are written to the events table` ... `Used as reward model training signals`

Recommendation

Use test data until privacy controls are clear, document retention/deletion behavior, and separate or anonymize any data used for analytics or training.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing or running the referenced service could execute code that was not reviewed in these artifacts.

Why it was flagged

The skill depends on running a local project and Python dependencies that are not included in the provided artifact set, so this scan cannot assess that service code or dependency provenance.

Skill content

`cd <project directory>` ... `pip install -r requirements.txt` ... `uvicorn app.main:app --reload --port 8090`

Recommendation

Inspect the local project, requirements file, and dependency sources before running the service, especially before entering real health information.