Period Tracker
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive reproductive-health details could remain on disk and be reused in future interactions even if the user expects the data to be ephemeral or tightly protected.
The skill instructs the agent to persist menstrual-cycle, symptom, and correlation data in a local memory file. That is sensitive health information, and the artifacts do not clearly define retention limits, access protections, or how this memory is prevented from being reused outside the intended context.
All user preferences persist in: `~/period/memory.md` ... `### Schedule` ... `### Symptoms` ... `### Correlations`
Require explicit opt-in before storing cycle or symptom data, clearly document retention and deletion behavior, and avoid persistent memory unless the user knowingly enables it.
A user may share very sensitive health information believing it is encrypted and easily removable, when the reviewed artifacts do not substantiate those protections.
The skill makes strong privacy and encryption claims, but the provided artifacts are instruction-only and do not include an encryption or deletion mechanism. This also conflicts with privacy.md guidance to avoid persisting sensitive data in memory.
**Privacy:** Local, encrypted, never shared. She controls everything. Delete anytime.
Remove or qualify unsupported privacy claims, align the storage instructions with privacy.md, and document the exact encryption, export, and deletion process.
