ovulation-tracking

This package appears to implement the fertility-tracking features described, but review these before installing: - Data flow: The docs promise "local processing" but also describe using Oura Cloud, Open-Meteo, and sending partner emails. Confirm whether the instance will contact external APIs (Oura/Open-Meteo/SMTP) in your deployment and whether you accept that network traffic. - Secrets in config: The example shows storing Oura tokens and an email password in config.json. Avoid storing plaintext credentials in files that other users/processes can read; prefer platform secrets, file-protected token stores, or per-skill env vars. - Unimplemented / advertised features: Photo-based LH-strip analysis, automatic email sending, and some integrations are advertised but left as TODOs in code. If you rely on those features, verify their actual implementation and where image data would be uploaded or processed. - Privacy: The skill records intimate health data and may transmit alerts/photos to third parties (partner). If you enable partner alerts or photo uploads, confirm recipient addresses and that you consent to sending such data externally. - Cross-skill calls: The skill references an ouraSkill API. If you wire it to other agent skills, review permissions and ensure only the intended data is shared across skills. If you want to proceed: run the code in a sandbox, inspect network calls (or run offline), and avoid populating config.json with sensitive credentials until you’ve verified where and how they’re used.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.