Skill v0.3.5

ClawScan security

health-sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 20, 2026, 4:29 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements, install, and runtime instructions are coherent with its stated purpose of analyzing synced health data; it asks for local CLI/filesystem access and an npm package install, which match the workflow described.
Guidance
This skill looks internally consistent for analyzing synced health data, but it requires the bot to install a Node CLI and to receive, decrypt, and store provider credentials and a local SQLite cache. Before installing:
1) Confirm you trust the 'health-sync' npm package and its maintainer (check the package page, source repo, and release signatures if available).
2) Ensure the bot host is secure: limit file access, enforce backups/retention policies, and remove the credentials and DB when no longer needed.
3) Prefer the remote bootstrap encrypted-archive flow (the skill prohibits pasting secrets in chat); do not share raw API keys or client secrets in chat.
4) If you cannot trust the bot host or the package, run the onboarding and sync locally and only share non-sensitive exports for analysis.

Review Dimensions

Purpose & Capability
ok: The skill is an analyzer for health data and declares exactly the binaries (node, npm, npx), local config/datastore paths (health-sync.toml, .health-sync.creds, health.sqlite), and an npm package install for a 'health-sync' CLI; these are proportionate and expected for the stated purpose.
Instruction Scope
note: Runtime instructions require the agent to run npx health-sync commands, import a user-provided encrypted archive, decrypt it locally, and read/write the declared workspace files and SQLite DB. This is within scope for a data-sync/analysis tool, but it explicitly involves handling user provider credentials on the bot host (the SKILL.md warns about treating them as sensitive).
Install Mechanism
note: Install is via a Node package ('health-sync'), which is the expected mechanism for a Node-based CLI. Installing an npm package is a normal moderate-risk action (code from the registry will run on the host); there are no opaque download URLs or extract steps in the spec.
Credentials
ok: No unrelated environment variables are requested. The only required config paths are specific to health-sync (config, creds, sqlite cache), which are appropriate for a cross-provider health-data aggregator.
Persistence & Privilege
note: The skill does require the agent to store decrypted provider credentials and a SQLite cache on the bot host and to run syncs; always:false is set (no forced global inclusion). This persistence is functionally necessary but increases the impact if the host is compromised; SKILL.md itself emphasizes securing these files.