Period Tracker
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is coherent, but it asks the agent to persist highly sensitive menstrual-health data while making privacy, encryption, and deletion promises that are unclear or unsupported by the provided artifacts.
Before installing, assume the period log may be a readable local Markdown file at `~/period/memory.md` unless the platform independently provides encryption. Only use it if you are comfortable storing this sensitive health data locally, and verify how deletion and export actually work.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive reproductive-health details could remain on disk and be reused in future interactions even if the user expects the data to be ephemeral or tightly protected.
This instructs the agent to persist menstrual-cycle, symptom, and correlation data in a local memory file. That is sensitive health information, and the artifacts do not clearly define retention limits, access protections, or how this memory is prevented from being reused outside the intended context.
All user preferences persist in: `~/period/memory.md` ... `### Schedule` ... `### Symptoms` ... `### Correlations`
Require explicit opt-in before storing cycle or symptom data, clearly document retention and deletion behavior, and avoid persistent memory unless the user knowingly enables it.
A user may share very sensitive health information believing it is encrypted and easily removable, when the reviewed artifacts do not substantiate those protections.
The skill makes strong privacy and encryption claims, but the provided artifacts are instruction-only and do not include an encryption or deletion mechanism. This also conflicts with privacy.md guidance to avoid persisting sensitive data in memory.
**Privacy:** Local, encrypted, never shared. She controls everything. Delete anytime.
Remove or qualify unsupported privacy claims, align the storage instructions with privacy.md, and document the exact encryption, export, and deletion process.
