ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Health

v1.0.1

Analyze wearable health CSV exports (steps, heart rate, sleep, calories, SpO2, exercise, distance) and produce compact JSON reports for hourly, daily, weekly...

0· 422·0 current·0 all-time
by@javiersgjavi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (analyze wearable CSV exports and produce JSON reports) align with the included Python modules and scripts (hourly/daily/weekly/monthly/sleep analyses, loaders, and reporting). The SKILL.md dependency note (Python 3.10+ and pandas) matches the code's use of pandas and datetime. No unexpected cloud or unrelated service credentials are requested.
Instruction Scope
SKILL.md instructs running local Python scripts with --data-path/--data-dir and --timezone; the scripts and analysis modules operate on local data (CSV/ZIP/directories) and produce JSON to stdout or --output-dir. In the provided source snippets the code only reads local files (data and previous JSON outputs) and does not access environment variables, system configuration, or external network endpoints.
Install Mechanism
No install specification is present (scripts are run directly). This is low-risk but requires the host to provide Python 3.10+ and pandas. The package includes many source files but nothing that downloads or extracts remote archives was observed. Users should install dependencies in a virtualenv or sandbox.
Credentials
The skill declares no required env vars, credentials, or config paths. The code snippets do not read os.environ or other secrets. Requested access (local CSV/ZIP health exports) is proportional to the stated analysis purpose.
Persistence & Privilege
always:false and default autonomous invocation are set (platform default). The skill does not request to persist configuration or alter other skills. No indication of attempts to modify system-wide settings or other skills' configs in the reviewed files.
Assessment
This skill appears coherent and focused: it reads local wearable exports and emits JSON reports. Before installing or running it: (1) run in an isolated environment (virtualenv/container) and install Python 3.10+ and pandas; (2) review the remaining omitted files (12 files were not shown in the prompt) if you want maximum assurance; (3) treat output and inputs as sensitive health data—do not upload them to external services unless intended; (4) if you do not want the agent to invoke skills autonomously, adjust the agent/skill invocation settings. Running the scripts on a small sample dataset in a sandbox is a good first test.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fgebwsjvtjjm899f2njzef982831z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments