Health Auto Log
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill matches its stated purpose, but it can automatically write sensitive health records to an AX3 account from broad message matches using an undeclared local credential/config path.
Before installing, confirm that you want chat messages to create AX3 health records, configure the mcporter credentials yourself, and avoid enabling automatic logging unless the skill asks before saving ambiguous numeric messages.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A normal numeric chat message could be mistaken for health data and saved as a persistent health record.
The documented workflow allows broad message matches, including a bare number, to cause an AX3 write before the user is asked to confirm.
Trigger this skill when user messages contain... `69.8` (plain number) ... Record to AX3 via mcporter call to `ax3-personal.record_habit` ... Confirm with user showing what was recorded
Require an explicit health keyword or a user confirmation before calling `record_habit`, and provide a clear way to review or undo created records.
The skill may act under whatever AX3 account and permissions are present in that local config, without making the credential scope clear to the user.
The script uses a local mcporter configuration file to perform AX3 account writes, while the supplied metadata declares no primary credential or required config path.
'mcporter', '--config', '/Users/klcintw/clawd/config/mcporter.json', 'call', 'ax3-personal.record_habit'
Declare the required binary, config path, and credential scope; make the config path user-controlled; and show the target AX3 account before writing.
Installation or execution may fail or may use an unexpected local mcporter setup.
The runtime depends on an external `mcporter` command and config file that are not declared in the skill requirements.
cmd = [
'mcporter',
'--config', '/Users/klcintw/clawd/config/mcporter.json'Document and declare the mcporter dependency, supported platforms, and expected configuration location.
Private health readings from messages will be stored outside the chat context.
The core function persists sensitive health measurements to AX3, which is purpose-aligned but important for users to understand.
record health metrics from user messages and record them to AX3 Personal system. Supports weight, blood sugar, and exercise time tracking
Use only with the intended AX3 account, avoid ambiguous messages, and review AX3 privacy, retention, and deletion controls.