Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CareMax Members
v1.0.0
Manage family members in CareMax Health. Use when a user asks about family health tracking, switching between family member profiles, or viewing another fami...
⭐ 0 · 47 · 0 current · 0 all-time
by Qitao Yang (@kittenyang)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's description (manage family/family-member data in CareMax) matches the API calls shown. However, it mandates a sibling dependency ('../caremax-auth') for authentication that is not declared in the registry metadata. Requiring an auth helper is reasonable, but the dependency should be explicitly declared so users know what's needed and where code will be executed from.
Instruction Scope
SKILL.md instructs the agent to execute ../caremax-auth/scripts/api-call.sh and, if missing credentials, to immediately run ../caremax-auth/scripts/auth-flow.sh in the background. This directs the agent to execute arbitrary scripts in a relative path outside the skill's own files and to autonomously start an auth flow — both of which are outside the narrow 'list/switch family members' description and could trigger network calls, credential storage, or other side effects without further disclosure.
Install Mechanism
There is no install spec and no code files in this skill itself (instruction-only), so nothing is installed by the skill package. The execution risk comes from calling sibling scripts, not from an install mechanism in this skill.
Credentials
The skill declares no required environment variables or credentials, yet it depends on external auth scripts which presumably manage credentials. Because those credential requirements are hidden (not declared in requires.env or primaryEnv), the skill's metadata understates the sensitive access it needs. That mismatch reduces transparency about what secrets or accounts will be used.
Persistence & Privilege
always:false and no special OS restrictions — the skill itself does not request permanent inclusion. However, the instruction to 'immediately run ... auth-flow.sh' in the background could create a persistent process or auth state on disk (depending on what the sibling script does). The skill does not declare that behavior in metadata.
What to consider before installing
This skill appears to be what it claims (managing family members), but it implicitly requires and will execute scripts from a sibling package (../caremax-auth) that are not declared in the skill metadata. Before installing or running the skill:
1) Verify the source of the caremax-auth package and install it explicitly from a trusted origin.
2) Inspect ../caremax-auth/scripts/api-call.sh and auth-flow.sh to see what network endpoints they call, how credentials are obtained/stored, and whether they prompt for input.
3) Ask the skill author to declare caremax-auth as a dependency and to document the auth flow and any credential storage locations.
4) Refuse automatic background auth flows unless you understand and consent to what they do; prefer a workflow that prompts the user before starting network-authentication processes.
If you cannot inspect or verify the sibling scripts, treat this skill as higher risk and avoid granting it access to live credentials or systems.
latest: vk970p63vv1acfbkdm3pex9wk1d83vr3z
