ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Heart Rate Tracker

v1.0.0

心率追踪 - 心率记录、运动心率、健康分析

0· 32·0 current·0 all-time
by@kaising-openclaw1
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and SKILL.md consistently describe heart-rate logging, exercise entries, analysis, and alerts — the requested functionality is coherent. However _meta.json claims curl is required while registry metadata lists no required binaries; README suggests installing via `npx clawhub@latest install heart-rate-tracker`. Those inconsistencies around required tooling and installation are unexplained.
Instruction Scope
SKILL.md only instructs use of `clawhub hr` subcommands for logging, exercise, analysis, and alerts — these stay within the stated purpose. But the instructions assume an external `clawhub` CLI exists; the skill provides no code or network endpoints, and does not disclose whether the CLI stores or uploads health data. That reliance on an external tool increases privacy risk.
!
Install Mechanism
There is no install spec in the skill bundle (instruction-only), yet README suggests using `npx clawhub@latest install heart-rate-tracker` and _meta.json lists curl as a required binary. This mismatch (no declared install vs. implied npm-based install and curl dependency) is incoherent and means the true install path and code provenance are unclear.
Credentials
The skill requests no environment variables, no config paths, and no credentials in the bundle. That is proportionate to the stated purpose. Caveat: the external `clawhub` CLI (not included) may itself request credentials or network access — this is not declared here.
Persistence & Privilege
The skill does not request always:true and has no install-time code in the bundle that would grant persistent privileges. Nothing in the bundle attempts to modify other skills or system settings.
What to consider before installing
This skill's behavior appears to match a heart-rate tracker, but there are unresolved provenance and installation questions you should resolve before installing or running it: 1) Confirm where the `clawhub` CLI comes from and review its source (the skill does not include it). 2) Ask the publisher for a homepage or repository so you can inspect code that actually performs logging/analysis — health data is sensitive. 3) Clarify the install method (bundle has no install spec but README suggests npx) and why _meta.json demands curl. 4) If you proceed, run the CLI in a sandboxed environment and monitor network traffic to ensure it does not exfiltrate data. If you cannot verify the CLI's source or inspect its behavior, avoid installing or supplying any real personal health data.

Like a lobster shell, security has layers — review code before you run it.

latestvk972cha0w4r1h1qfg0h7fv2r7s85awd8
32downloads
0stars
1versions
Updated 15h ago
v1.0.0
MIT-0
@kaising-openclaw1
latest
Download

Heart Rate Tracker

心率追踪工具,监测你的心脏健康。

功能

  • ✅ 心率记录
  • ✅ 运动心率
  • ✅ 健康分析
  • ✅ 异常提醒
  • ✅ 统计报告

使用

# 记录心率
clawhub hr log --bpm 75

# 运动心率
clawhub hr exercise --type "running" --bpm 150

# 健康分析
clawhub hr analyze

# 异常提醒
clawhub hr alert --high 100 --low 60

定价

版本价格功能
免费版¥0基础记录
Pro 版¥39全部功能
订阅版¥9/月Pro+ AI 分析

Comments

Loading comments...