ClawHub

Mediwise Health Suite

v2.0.8

Family health management suite: health records, diet tracking, weight management, wearable sync. Local SQLite storage by default; optional cloud features req...

1· 477·2 current·2 all-time
by@juneyaooo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (health records, diet, weight, wearable sync) matches the code and instructions. Required binaries (python3, sqlite3, node) and optional env vars (vision/LLM API keys, USDA_API_KEY, owner id, data dir overrides) are consistent with the described functionality. There are no unrelated credentials or surprising external-service requirements in the declared metadata.
Instruction Scope
SKILL.md and module docs clearly describe local-first behavior and when external network calls occur (only after explicit terminal configuration). The runtime routing (index.js) invokes Python scripts and passes owner_id; many scripts accept --owner-id and will operate in single-user mode if owner_id is missing (explicitly warned). The instructions do describe operations that can transmit data to configured endpoints (set-backend) or to vision/LLM providers — this is expected but high-impact, and SKILL.md documents the risk. No instructions ask the agent to read unrelated system secrets or files beyond the skill's config/data paths.
Install Mechanism
No automated remote install is declared (no install spec). The repository contains many code files and a requirements.txt; installation appears to be manual/typical (git clone + deps). There are no suspicious download URLs or archive extraction steps in the provided metadata. Users will need to install Python/Node deps locally before running.
Credentials
No required environment variables are declared; optional env vars (vision/LLM API keys, USDA_API_KEY, MEDIWISE_OWNER_ID, DB path overrides) are proportional to the optional features they enable. The skill stores configured API keys locally (config.json) and backups contain full databases — both are documented. No unrelated keys (e.g., cloud provider master credentials) are requested. The multi-tenant 'owner_id' behavior is powerful: if not configured in a shared deployment, the skill will operate in single-user mode and may expose all local data to the running agent as documented.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It can be invoked autonomously (platform default). The skill writes its own config.json and databases under the skill/data dirs and documents .gitignore for config.json. The significant privilege is user-enabled features (set-backend, enabling remote vision/LLM) which, if turned on, allow transmission of health data to remote endpoints — this is explicit in the docs.
Assessment
This package is internally consistent with its stated purpose, but review and caution are still needed before installing: 1) Verify the repository source and maintainers (homepage claims GitHub repo). 2) Run the code review and tests in an isolated environment before granting it access to real data. 3) By default data is local, but enabling set-backend or configuring a vision/LLM provider will cause the skill to send health records or images to the configured endpoint — only enable those when you fully trust the endpoint. 4) Backups (setup.py backup) produce a .tar.gz containing full databases and config (includes any API keys stored locally); treat backups as highly sensitive. 5) In multi-user/shared deployments, ensure MEDIWISE_OWNER_ID is used correctly — if owner_id is not passed the skill enters single-user mode and could expose all local data to the running agent. 6) Garmin and other wearable bindings may require credentials/OAuth; follow the documented terminal-based setup and avoid pasting secrets into chat. 7) Because the repo contains many Python scripts, install dependencies from requirements.txt in a controlled environment (virtualenv) and inspect any third-party libraries (e.g., garminconnect) for up-to-date security. If you need higher assurance, run the skill in an isolated VM/container and only enable remote features after auditing the code and confirming the remote endpoints.

Like a lobster shell, security has layers — review code before you run it.

chinesevk974p2fsthbkwrams80w6e45b982yxr9dietvk974p2fsthbkwrams80w6e45b982yxr9familyvk974p2fsthbkwrams80w6e45b982yxr9healthvk974p2fsthbkwrams80w6e45b982yxr9latestvk97bxbq2ktt6zq9d5jzx2svnnn84dq15medicalvk974p2fsthbkwrams80w6e45b982yxr9multimodalvk974p2fsthbkwrams80w6e45b982yxr9visionvk974p2fsthbkwrams80w6e45b982yxr9wearablevk974p2fsthbkwrams80w6e45b982yxr9weightvk974p2fsthbkwrams80w6e45b982yxr9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, sqlite3, node

Comments