Blood Pressure Tracker
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a simple instruction-only blood-pressure tracking skill with no malicious behavior shown, though users should notice that it handles sensitive health measurements and has an unexplained curl requirement in metadata.
This skill looks benign based on the provided artifacts. Before using it, remember that blood-pressure readings are private health data; check where the underlying tracker stores records, how to delete them, and do not treat automated tips as medical advice.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may enter private health measurements without clear visibility into storage or retention.
The skill is designed to record and analyze blood-pressure readings, which are sensitive personal health data. The artifacts do not explain where records are stored, how long they are retained, or whether they are reused.
- ✅ 血压记录 - ✅ 趋势分析 ... clawhub bp log --systolic 120 --diastolic 80
Only enter data you are comfortable storing, and verify the underlying command or service before relying on it for long-term health records or advice.
The skill may appear to need an external network-capable tool without explaining its purpose.
The package metadata declares a curl binary requirement, but the skill is otherwise instruction-only and does not document why curl is needed.
"requires":{"bins":["curl"]}The publisher should remove or document the curl requirement; users should verify no additional helpers or network calls are introduced outside the provided artifacts.