Knitify Health Chatbot

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a coherent Knitify API wrapper, but it will use a Knitify API key and send health, drug, pet, and product questions to Knitify’s external service.

This skill looks purpose-aligned and does not show hidden code execution, destructive actions, or unrelated credential use. Before installing, make sure you trust Knitify with the health or product questions you ask, use a dedicated API key, and avoid including personal identifiers or highly sensitive medical details unless you are comfortable sending them to the provider.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Routine health or wellness questions may trigger a Knitify lookup and could consume service usage or send the question text externally.

Why it was flagged

The skill explicitly directs broad tool invocation for health and science questions. This matches the stated research purpose, but users should know the agent may call the external service for many ordinary questions.

Skill content

For ANY health, medical, wellness, supplement, nutrition, pet health, drug, or science-related question ... ALWAYS follow up by calling the appropriate research tool

Recommendation

Use the skill when you want an external research lookup, and avoid including unnecessary personal details in questions.

What this means

The API key authorizes calls against the user’s Knitify account; if exposed elsewhere, it could be misused for that service.

Why it was flagged

Authenticated research and product calls use the user’s KNITIFY_API_KEY as a Bearer token. This is expected for the Knitify service and there is no evidence of unrelated credential use.

Skill content

'Authorization': `Bearer ${apiKey}`

Recommendation

Store the API key only in the intended OpenClaw config, do not paste it into chat, and rotate or revoke it if you suspect exposure.

What this means

Anything included in a health or medication question may be transmitted to Knitify’s service and handled under that provider’s policies.

Why it was flagged

User questions are sent to the configured Knitify API endpoint for research responses. This is central to the skill, but health, drug, pet, or product questions may contain sensitive personal information.

Skill content

fetch(`${apiUrl}/api/public/v1/research/chat-stream`, ... body: JSON.stringify({ research_instruction: query, ... }))

Recommendation

Review the provider’s privacy practices before sharing sensitive details, and keep questions de-identified when possible.