Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Blood Pressure Tracker

v1.0.0

Blood pressure tracking - blood pressure logging, trend analysis, health advice

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kaising-openclaw1/blood-pressure-tracker.

Install the skill "Blood Pressure Tracker" (kaising-openclaw1/blood-pressure-tracker) from ClawHub.
Skill page: https://clawhub.ai/kaising-openclaw1/blood-pressure-tracker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install blood-pressure-tracker

ClawHub CLI

npx clawhub@latest install blood-pressure-tracker

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The SKILL.md describes a straightforward blood-pressure tracker that runs commands via a 'clawhub' CLI. However _meta.json declares a dependency on 'curl' while the skill metadata/registry said no required binaries; the skill never references 'curl' in its runtime instructions. Also the skill provides no code/homepage/source, so it's unclear why a networking tool would be required. The mismatch between declared requirements and the actual instructions is unexplained.
Instruction Scope
Runtime instructions are limited to local commands like 'clawhub bp log' / 'clawhub bp trend' and do not explicitly read arbitrary files or env vars. That scope is reasonable for the stated purpose. However the instructions assume the presence of the external 'clawhub' CLI and provide no guidance for how the agent or user should obtain it; the README suggests an 'npx clawhub@latest install' flow which could cause the agent/user to fetch and run external code. There's no clarity about where recorded data is stored or whether data is transmitted externally (the Pro/subscription references imply a backend but give no endpoint or privacy details).
Install Mechanism
There is no formal install spec in the skill bundle (it's instruction-only). The README suggests installing via 'npx clawhub@latest install blood-pressure-tracker', which would execute code from the npm registry at install time — a moderate-risk action that the SKILL.md doesn't make explicit. The lack of a stable homepage/source or an explicit, trustworthy install source increases risk because arbitrary npm packages can run code on install.
Credentials
The skill declares no required environment variables or credentials and the SKILL.md does not reference any secrets. That is proportionate for a local tracker. The only oddity is the _meta.json 'requires' entry for 'curl' which is not justified by the instructions; this is a metadata mismatch but not a direct credential risk.
Persistence & Privilege
The skill is not always-enabled and does not request elevated agent privileges. It's user-invocable and can be invoked autonomously by the model (platform default) but there is no indication the skill attempts to change other skills' configs or persist beyond normal behavior.
What to consider before installing
This skill appears to be a simple CLI-based blood-pressure helper, but there are inconsistencies and missing trust signals you should resolve before installing or using it. Ask the author for a source repository, homepage, privacy policy, and an explicit install method. Verify whether 'clawhub' is a trusted CLI on your system and whether installing via 'npx' (as suggested in the README) is required — installing unknown npm packages can execute arbitrary code. Confirm where health data is stored and whether Pro/subscription features send data to remote servers. If you cannot verify the publisher or review the code, avoid installing or providing any sensitive data to the skill.

Like a lobster shell, security has layers — review code before you run it.

latest vk971dg22qch59mkhaj2s0k4hhs85bv90
75 downloads
0 stars
1 version
Updated 6d ago
v1.0.0
MIT-0

Blood Pressure Tracker

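A blood pressure tracking tool for monitoring your blood pressure health.

Features

  • ✅ Blood pressure logging
  • ✅ Trend analysis
  • ✅ Health advice
  • ✅ Abnormal-reading alerts
  • ✅ Statistical reports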

Usage

# Log a blood pressure reading
clawhub bp log --systolic 120 --diastolic 80

# View trends
clawhub bp trend --days 30

# Health advice
clawhub bp tips

# Abnormal-reading alerts
clawhub bp alert --high 140 --low 90

Pricing

Version | Price | Features
Free | ¥0 | Basic logging
Pro | ¥39 | All features
Subscription | ¥9/month | Pro + AI analysis
