ClawHub

Excretion Tracker

v0.4.1

Track bathroom events (pee/poop) via chat: start time, duration, color, pain, and Bristol stool scale. Generates weekly summaries and optional constipation r...

0· 349·0 current·0 all-time
byHerveClawd@herve-clawd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included CLI and Python script: a local pee/poop tracker storing events, producing weekly summaries, and optional reminder config. No cloud credentials or unrelated services are requested. However, the card-generation SOP references a single hard-coded path (/Users/herve.clawd/.openclaw/.../nano-banana-pro/scripts/generate_image.py) which is user-specific and not justified by the skill's purpose — this looks like an author example copied into the instructions rather than a portable detection mechanism.
Instruction Scope
SKILL.md instructs the agent to run the bundled CLI (scripts/excretion.py) and store data locally (~/.openclaw/excretion/excretion.db) which is within scope. The only out-of-scope instruction is the optional card flow: if cards are enabled the agent is told to detect a specific absolute path and invoke an external image-generation script (via 'uv run' with an absolute path). Executing an arbitrary third-party script (nano-banana-pro) is outside the core logging purpose and requires trust in that other package.
Install Mechanism
No install spec; skill is instruction-only with a local Python script. Nothing in the skill automatically downloads or writes external code. The only execution of external code would occur if the user has installed nano-banana-pro; the skill does not itself install that package.
Credentials
The skill requests no environment variables or credentials (proportional). It stores sensitive health-related data locally in plaintext SQLite under the user's home directory; no encryption or remote upload is present. That storage is expected but is a privacy consideration rather than a credential mismatch.
Persistence & Privilege
Skill does not request permanent platform privileges (always:false) and does not modify other skills. It creates/reads local files under ~/.openclaw which is consistent with its function. Autonomous invocation is allowed by default (normal for skills) but combine this with card-generation risks if enabled.
What to consider before installing
This skill appears to implement a local bathroom/event logger and matches its description, but pay attention to two issues before installing or enabling features: 1) Privacy: all entries (sensitive health data) are stored unencrypted at ~/.openclaw/excretion/excretion.db — consider whether you’re comfortable storing this locally and back it up/secure it appropriately. 2) Card generation risk: the optional image flow will attempt to detect and run a third-party script at a hard-coded path (/Users/herve.clawd/...), and if present will execute that code. Do NOT enable cards unless you trust the nano-banana-pro package and have inspected its code; prefer to keep card generation disabled. Additional checks that would raise confidence: verifying that nano-banana-pro (if used) comes from a trusted source, removing or making the image-generator path configurable (not a hard-coded user path), and optionally adding encryption or an opt-in consent step before storing very sensitive logs.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ckjm15yg96v33akyhn5wf582b3x7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments