Mxyj Heartplus Ecg

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: mxyj-heartplus-ecg
Version: 0.0.7

The skill facilitates ECG health management by interacting with the 'Heart+' App API (api.995120.cn). A significant security risk is identified in `gateway_manager.py`, which automatically downloads and executes platform-specific binaries from an external Aliyun OSS bucket (`aigc-online.oss-cn-hangzhou.aliyuncs.com`) to handle encrypted API communication. While this is aligned with the stated purpose of the skill, the execution of remote binaries is a high-risk capability. Additionally, `SKILL.md` contains highly prescriptive 'critical instructions' designed to strictly steer the AI agent's behavior and output formatting, and the skill collects user phone numbers, which are stored locally in `config.json`.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may require trusting an opaque downloaded executable that can run locally while the skill handles health-app authorization.

Why it was flagged

The skill depends on downloading platform-specific native healthgateway binaries from a remote OSS location. Hash pinning helps integrity, but the binary itself is not included in the reviewed source and must be trusted separately.

Skill content
"url": "https://aigc-online.oss-cn-hangzhou.aliyuncs.com/mxyj-skills/heartplus/binary-tool/release/v0.0.2/healthgateway-linux-amd64",
"sha256": "0f33ea42cdc98cc419d3b8989712118ed4a203162e2cf5fd2012ae9cdd04ae25"
Recommendation

Install only if you trust the publisher and the binary source. The publisher should provide signed binaries, public provenance, and preferably source or an auditable build process.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

If the downloaded gateway binary is compromised or not what the user expects, it could run with the user’s local privileges.

Why it was flagged

The gateway manager automatically ensures the binary is present, downloads it if needed, then executes it as a subprocess.

Skill content
bin_path = self.ensure_binary(auto_download=True)
cmd = [str(bin_path), subcommand, *args]
...
    result = subprocess.run(
Recommendation

Require explicit user approval before first download and execution, show the exact binary source, and run it with the least privileges possible.

What this means

The skill can interact with the Heartplus account flow and retrieve authorized ECG report data.

Why it was flagged

The skill requires phone binding and app authorization to send notifications and retrieve ECG reports. This is central to the stated purpose and is disclosed, but it is sensitive delegated account access.

Skill content
- Phone number configuration and reuse
- App authorization notifications and authorization status queries
- Security verification status checks
- ECG test notifications
- Report list and detail queries
Recommendation

Use only with your own Heartplus account and phone number, and review how to revoke or expire authorization if you stop using the skill.

What this means

Your phone number and session authorization state may remain on disk after the immediate task is complete.

Why it was flagged

Phone numbers and per-session authorization state are persisted in the skill configuration file for reuse across sessions.

Skill content
phones_by_session_key[resolved_session_key] = normalized_phone
config["phones_by_session_key"] = phones_by_session_key
...
config["session_auth_by_session_key"] = session_auth_by_session_key
return self.save_json(config)
Recommendation

The skill should document retention and cleanup. Users should remove the stored configuration if they no longer want the skill to remember their phone/session state.