Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Blood Glucose Management Assistant

v1.0.0

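Manages personal blood glucose data, supporting manual recording, file import, blood glucose trend prediction, and health advice. Use this skill when the user mentions blood glucose, diabetes management, blood glucose records, blood glucose prediction, dietary advice, or exercise advice.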

by lining @liningg
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to store all data locally and only provide analysis/predictions, which matches the included scripts and dependencies and the absence of external install URLs. However, there are mismatches between components: SKILL.md/README and data_manager refer to '~/.workbuddy/data/glucose_readings.json', while advice_generator.py uses '~/.workbuddy/glucose_data.json'. Several scripts expect different JSON field names (e.g., data_manager and many analysis scripts use 'value' and a 'readings' array, whereas advice_generator refers to 'glucose_value' and 'records'/'user_profile'). These inconsistent defaults and schemas mean different parts of the package may not interoperate and could create unexpected files or lose data. This is disproportionate to the stated purpose and should be fixed before use.
Instruction Scope
SKILL.md instructs the agent to run local scripts (record, import, analyze, predict, recommend), which aligns with the available scripts. But the instructions assert that 'All data stored locally' and list a single canonical storage path that is not consistently honored by the code. The runtime examples and scripts reference local filesystem paths only (no explicit external endpoints in the shown files), which is appropriate; however, the mismatch in filenames/keys grants the agent broad discretion to read/write multiple locations and may produce or read unexpected files. SKILL.md was also found to contain Unicode control characters (a prompt-injection signal), which could be used to manipulate runtime parsing; this is unexpected for a medical-recording skill.
Install Mechanism
No install spec (instruction-only at packaging level), so nothing will be implicitly downloaded at install time. The included skill.json declares typical Python data-analysis dependencies (pandas, openpyxl, matplotlib/plotly, numpy) which are appropriate for this functionality. There are no remote download URLs or unusual installers observed in the provided excerpts.
Credentials
The skill does not request any environment variables, credentials, or config paths beyond local user-home storage. That is proportionate for a local glucose manager. No evidence in the visible files of requests for unrelated secrets.
Persistence & Privilege
always is false and the skill does not request elevated privileges. The package writes to user-local directories (~/.workbuddy), creates backups, and manages files within that directory — reasonable for its purpose. It does not declare any behavior that modifies other skills or system-wide agent settings in the provided excerpts.
Scan Findings in Context
[unicode-control-chars] unexpected: Unicode control characters were detected in SKILL.md. This is not expected for a straightforward local health assistant and may indicate an attempt to influence prompt parsing or evaluation. It is not evidence of data exfiltration by itself, but warrants caution and manual inspection of the SKILL.md and any parsing logic that consumes it.
What to consider before installing
1) Inconsistent local storage and schemas: Several files disagree about the canonical storage path and JSON schema (examples: data_manager stores ~/.workbuddy/data/glucose_readings.json with 'readings' and 'value', while advice_generator defaults to ~/.workbuddy/glucose_data.json and looks for 'glucose_value' and 'records'). This will likely cause parts of the skill to read an empty file or create separate files. Ask the author or inspect/standardize the code (pick one path/format) before trusting your real health data.
2) Audit the omitted files for network activity: The provided excerpts show no network calls, but 21 files were truncated in the package. Before use, grep the full code for networking libraries or calls (requests, urllib, socket, http.client, ftplib, boto3, paramiko, websockets, aiohttp, smtplib) and for hardcoded URLs or IPs. If any are present, get an explanation and justification.
3) Fix schema mismatches or run in a sandbox: Because scripts use different field names and locations, run the skill first in an isolated environment (or a disposable account) and verify where files are written and what keys are used. Back up any existing ~/.workbuddy data before running.
4) Prompt-injection artifact: The SKILL.md included Unicode control characters flagged by static scanning. That could be benign (formatting artifacts) but may also be used to manipulate parsers. Manually inspect the SKILL.md for hidden characters and remove them or ask the author to provide a clean copy.
5) Privacy claims vs. reality: The README/SKILL.md claim 'no external transmission'. Confirm by static audit (search for network I/O) and by monitoring network activity when running the skill (e.g., in a sandbox) if you plan to store real personal health data.
6) Reasonable dependencies but install carefully: The dependency list is appropriate for offline analysis, but these Python packages should be installed from trusted package repositories. Prefer creating a virtual environment.
7) If you lack time/skill to audit: Consider not installing or only use after the author addresses the data-path and schema inconsistencies and provides assurance (or a signed release) that no telemetry exists. If you proceed, keep sensitive or real patient data out until you've validated behavior.

Like a lobster shell, security has layers — review code before you run it.
