Skillv1.0.2

ClawScan security

Hypertension Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 31, 2026, 3:54 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requests and instructions are internally consistent with a local, day-focused hypertension record-and-report assistant; no credentials, installs, or suspicious code are present, though a few minor inconsistencies and an unknown third‑party audio link warrant caution.
Guidance: This skill appears coherent and low-risk: it records same‑day blood pressure entries, evaluates them against included reference guidelines, recommends audio relaxation resources, and can produce a downloadable Markdown report. Before installing: 1) Be aware the audio links point to a third‑party site (myxt.com); verify those URLs yourself before clicking — they could track visits or change content. 2) If you want real multi‑day tracking, this skill does not keep cross‑session history — you must save reports yourself. 3) This is not a medical device — follow professional medical advice for concerning readings. 4) If you need stronger assurance, ask the developer to (a) explain the audio host and (b) either remove multi‑day fields from the template or clarify how multi‑day values are populated.

Purpose & Capability: okThe name/description (recording blood pressure, trend analysis, audio therapy, single-day reports) matches the SKILL.md and included templates and references. It does not request unrelated credentials, binaries, or system access.
Instruction Scope: noteSKILL.md confines operations to parsing user input, using read_daily/edit_daily for same‑day data, and generating a Markdown report for download. It explicitly avoids edit_memory/long‑term storage. Minor inconsistency: the report template contains multi‑day fields (total_days, trend, etc.) even though the skill claims it cannot access historical data across sessions; this may be harmless (placeholders) but could mislead users about long‑term tracking.
Install Mechanism: okInstruction-only skill with no install spec and no code files to execute. This is the lowest install risk.
Credentials: okNo environment variables, credentials, or config paths are requested. The skill's claimed data needs (age, gender, same‑day BP readings) are proportionate.
Persistence & Privilege: okalways is false; the skill does not request persistent privileges or modify other skills. It explicitly states it will not persist sensitive data across sessions and uses only daily diary storage and user‑downloaded reports.