Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Healthcheck Local
v1.0.0
Track water and sleep with JSON file storage
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill claims to track water and sleep using a JSON file, which is consistent with its instructions. However, the SKILL.md commands require Node.js on PATH (they use node -e) and read/write {baseDir}/health-data.json, yet the declared requirements list no required binaries or config paths. The ownerId and version in _meta.json also differ from the registry metadata, an inconsistency in the package metadata.
Instruction Scope
The instructions direct the agent to run inline Node.js one-liners that read and write a file under {baseDir}. User-supplied values (CUPS, NEW_CUPS) are interpolated directly into the JavaScript source passed to node -e without escaping or validation, so whatever the shell expands those variables to is evaluated as code; this is a code-injection / arbitrary-execution risk. The skill also creates and modifies files in the agent's filesystem ({baseDir}/health-data.json), which is not declared elsewhere in the manifest.
Install Mechanism
Instruction-only skill with no install spec and no external downloads, so install risk is low. Nothing is written to disk by an installer step. The runtime commands themselves write to a JSON file, but that is part of the skill's behavior rather than an install step.
Credentials
The skill requests no environment variables or credentials and the SKILL.md does not reference any env vars. That is proportionate to a local, file-based tracker. Note: it implicitly requires filesystem write permission for {baseDir} and the presence of node, which are not declared.
Persistence & Privilege
The skill is not force-enabled (always:false) and uses default autonomous invocation. It writes a local JSON file and modifies it over time; this local persistence is expected for a tracker but does require filesystem access. Autonomous invocation combined with the code-injection risk increases the potential impact, since the agent may run the one-liners without a human reviewing the interpolated value.
What to consider before installing
This skill appears to be a simple local health tracker, but check these issues before installing:
- Node requirement: SKILL.md runs node -e commands but the manifest does not declare Node as a required binary. Ensure your agent environment provides a trusted node binary or update the skill to declare it.
- Metadata mismatch: ownerId/version in _meta.json differs from the registry metadata — verify the source/author before trusting the skill.
- File writes: the skill will create/modify {baseDir}/health-data.json. Confirm what {baseDir} maps to and whether the agent should have write access there.
- Code-injection risk: the instructions interpolate user input (CUPS, NEW_CUPS) directly into node -e strings. If those values are not strictly validated/escaped, a malicious value can execute arbitrary JS on the host. Prefer safer patterns: a small on-disk Node script that receives the values as arguments (process.argv) rather than as source text, and validates them against a strict numeric pattern before use (parseInt alone is not enough, since it silently accepts trailing garbage such as "8;..."), or use an API that avoids inline code evaluation.
- If you still want to use it: (1) confirm Node is trusted, (2) replace node -e one-liners with a safe script that validates inputs, (3) restrict file permissions and directory location for health-data.json, and (4) verify the skill author identity given the metadata inconsistencies.
