Healthcheck Litiao

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a simple local water/sleep tracker, but it uses Node commands and stores personal health logs in a local JSON file, and its package metadata is inconsistent.

This skill is reasonable for local water and sleep tracking. Before installing, confirm the package identity because the registry and _meta metadata differ, and remember that it will run local Node commands and keep your health log in `{baseDir}/health-data.json`.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can execute local Node commands that create or modify the health-data JSON file.

Why it was flagged

The skill uses inline Node commands to read and write the tracker file. This is expected for an instruction-only local JSON tracker, but it means the agent/user must run local commands.

Skill content

node -e "const fs=require('fs');const f='{baseDir}/health-data.json'; ... fs.writeFileSync(f,JSON.stringify(d));"

Recommendation

Install/use it only if you are comfortable with local command execution for this purpose, and ensure Node is available before relying on it.

What this means

The skill appears benign, but the metadata mismatch could make it harder to confirm exactly which package or publisher you are installing.

Why it was flagged

The included _meta.json does not match the registry metadata shown for owner, slug, and version. This is a provenance/package-identity ambiguity, although the skill content itself is simple and no hidden code is present.

Skill content

"ownerId": "kn7129pr4xtrwpbxszgx6bmfjx80a9pz", "slug": "healthcheck", "version": "1.0.2"

Recommendation

Verify that the publisher, slug, and version are the ones you intended before installing.

What this means

Your sleep and water records will remain on disk in the skill's base directory and may be visible to anyone or anything with access to that file.

Why it was flagged

The skill stores sleep and water history persistently in a local JSON file. This is core to the purpose, but the records may be personal and can be reused or modified across future interactions.

Skill content

File: `{baseDir}/health-data.json` ... "water": [{"time": "ISO8601", "cups": 2}], "sleep": [{"time": "ISO8601", "action": "sleep|wake"}]

Recommendation

Keep the base directory private, review or delete `health-data.json` when needed, and do not store information there that you would not want locally persisted.