Back to skill
Skillv1.0.0
ClawScan security
Personal Nutrition · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 18, 2026, 3:23 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it is an instruction-only personal nutrition coach that reads and updates a single local workspace file for logs and does not request extra credentials or install anything.
- Guidance
- This skill is coherent and low-risk in terms of capability alignment, but consider privacy: it will read and update a local file that stores your eating, water, and weight logs. Before installing or following the README's external download instructions, verify the source (ClawhHub link) and back up or review the storage file. If you run OpenClaw on a shared or production VPS, ensure the container filesystem permissions are appropriate and you are comfortable storing personal health data unencrypted in the workspace. If you prefer, restrict the skill from writing files or review the file contents periodically.
Review Dimensions
- Purpose & Capability
- okThe name/description (personal nutrition coach) matches the actions described in SKILL.md: reading/updating a local nutrition log, tracking meals, water, calories and weight, and giving advice. It does not request unrelated credentials or binaries.
- Instruction Scope
- okRuntime instructions are narrowly scoped: read /data/.openclaw/workspace/knowledge/personal/nutrition.md at the start, consider chat history, and update that same file when the user provides food/water/weight info. No other files, system paths, environment variables, or external endpoints are referenced.
- Install Mechanism
- noteThere is no install spec in the registry (instruction-only), which is low risk. The README includes a user-facing install suggestion (download ZIP from 'ClawhHub' and extract) — this is outside the skill bundle and should be vetted by the user before following; the skill itself does not perform downloads or execute installers.
- Credentials
- okThe skill requests no environment variables or credentials, which is proportionate to its stated purpose of local logging and advice.
- Persistence & Privilege
- okalways:false and no elevated privileges requested. The skill writes only to its own workspace knowledge file (/data/.openclaw/workspace/knowledge/personal/nutrition.md), which is expected for a tracker. It does not modify other skills or system configuration.