Skill v1.6.1

ClawScan security

Health Management · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 22, 2026, 3:34 AM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files, instructions, and optional backup behavior are coherent with a local health-tracking assistant; the only noteworthy risk is the optional GitHub backup which, if enabled, requires access to git credentials and SSH keys — otherwise the skill stays local and uses web_search for missing food data.
Guidance
This skill appears coherent for local health tracking, but review the following before enabling:
1) Backup is optional — if you enable GitHub backup the included scripts may read ~/.ssh and ~/.gitconfig or use system git credentials to push data to the repository you provide. Only enable backup for a repo you control (prefer private) and inspect the scripts (configure_backup.sh, backup_health_data.sh, check_git_config.sh, manage_backup.sh) to confirm behavior.
2) Dynamic food lookup uses web_search/web_fetch and will send queries to the web — avoid sending highly sensitive personal medical text via those queries.
3) Test with dummy/non-sensitive data and a test repository first to verify commits and network calls.
4) If you want completely offline usage, keep backup disabled and avoid features that trigger web_search.
If you want extra assurance, open manifest.json and verify the declared permissions match PERMISSIONS.md before installing.

Review Dimensions

Purpose & Capability
ok · Name/description (health tracking, scoring, supplement management, multi-user/timezone) match the included templates, scoring logic, and helper scripts. The presence of language/timezone utilities, multi-user folder layout, and backup scripts is expected for this functionality.
Instruction Scope
note · SKILL.md confines actions to reading/writing per-user files under memory/health-users/, performing web_search/web_fetch for missing food info, and optionally backing up to a user-provided GitHub repo. This is mostly scoped to the skill's purpose. Note: dynamic food lookup will issue web_search queries (external network) and auto-update the food database; automatic backup (if enabled) will run shell scripts that interact with git.
Install Mechanism
ok · No install spec (instruction-only) — lowest install risk. There are readable shell scripts included; nothing is downloaded or extracted during install. Scripts are bash text files, not binary downloads.
Credentials
concern · The skill declares no required env vars by default, which aligns with core features. However, the optional GitHub backup feature may access ~/.ssh, ~/.gitconfig, or system git credential storage to push to the user's repo. That is sensitive but explained as opt-in in PERMISSIONS.md. Also SKILL.md/PERMISSIONS.md mention using web_search/web_fetch (network) to fetch nutrition info — reasonable but worth noting if you want fully offline operation.
Persistence & Privilege
ok · always:false and normal autonomous invocation are used. The skill writes only to its own workspace (memory/health-users/) and its own scripts/templates. It does not request permanent platform-wide privileges or modify other skills' configurations.