v1.2.1

Health Copilot: Eating, Sleep, and Exercise Tracking

SuspiciousClawScan verdict for this skill. Analyzed Apr 30, 2026, 3:40 PM.

Analysis

This looks like a real health-tracking skill, but it needs Feishu account access and local command-line tools that are not clearly declared, so review permissions before use.

Guidance: Before installing, verify the source, install lark-cli only from a trusted channel, use a dedicated Feishu base and least-privileged token, pin table IDs, and run dry-run or narrow rebuilds before allowing the skill to write health data.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Note.
references/nutrition.md
Use `lark-cli base +record-upsert` for raw-write.

Normal logging is implemented through a Feishu CLI upsert command, which is purpose-aligned but can mutate records in an external account.

User impact: Meal, sleep, workout, and report actions can create or update Feishu records when invoked.
Recommendation: Use a dedicated Feishu base, pin table IDs, and confirm write actions before running broad rebuild or bootstrap commands.
Agentic Supply Chain Vulnerabilities
Severity: Medium. Confidence: High. Status: Concern.
scripts/bootstrap_health_tables.js
const result = spawnSync('lark-cli', fullArgs, { encoding: 'utf8' });

The skill relies on an external lark-cli helper, while the provided requirements list no required binaries and there is no install spec documenting or pinning that dependency.

User impact: Users may run whichever lark-cli is on their PATH without clear provenance, versioning, or trust guidance.
Recommendation: Document required binaries, trusted install source, minimum version, and expected permissions for lark-cli, Node, and Python.
Unexpected Code Execution
Severity: Low. Confidence: High. Status: Note.
scripts/build_monthly_dashboard.js
const proc = spawnSync(cmd[0], cmd.slice(1), { encoding: 'utf8' });

The script executes a local command. In the shown code this is used for Feishu CLI automation and arguments are passed as an array, but it is still local code execution.

User impact: Running the scripts can execute local binaries and perform Feishu operations from the user's environment.
Recommendation: Run only from a trusted checkout, verify the lark-cli binary, and use dry-run options where available before applying changes.
Cascading Failures
Severity: Low. Confidence: High. Status: Note.
references/cross-domain.md
reads `nutrition_daily_history`, `sleep_recovery`, and `exercise_workout` ... aggregates into `monthly_health_calendar` ... upserts by `Date`

Errors in raw health records can propagate into monthly summaries, weekly assessments, and dashboards through the rebuild workflow.

User impact: A wrong meal, sleep, or workout entry could affect multiple generated reports until corrected and rebuilt.
Recommendation: Use the narrowest rebuild window, validate raw entries first, and pin table IDs to avoid updating the wrong tables.
Human-Agent Trust Exploitation
Severity: Medium. Confidence: High. Status: Concern.
metadata
Required binaries: none; Required env vars: none; Primary credential: none; Capability signals: No capability tags were derived.

These declarations understate the Feishu token, lark-cli dependency, and external write authority described in the skill files.

User impact: Users may underestimate the account access, setup requirements, and persistence effects before enabling the skill.
Recommendation: Update metadata to declare Feishu credentials, required local tools, external persistence, and write-capable operations clearly.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
scripts/build_monthly_dashboard.js
'base', '+dashboard-create', '--as', identity, '--base-token', baseToken

The script can create Feishu dashboards using a supplied identity and base token, but the registry declares no primary credential or credential requirement.

User impact: A Feishu token or user/bot identity could grant the skill authority to read or modify more data than the user expects.
Recommendation: Declare the Feishu credential requirement, use least-privileged access, prefer a dedicated base, and avoid using broadly shared or administrator-scoped tokens.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium. Confidence: High. Status: Note.
references/data-model.md
Sleep recovery ... sleep score, recovery state, fatigue risk ... Recommended: ... HRV

The skill persists detailed health and recovery metrics, which are sensitive and may be reused in later summaries and dashboards.

User impact: Personal health details can remain in Feishu tables and influence future reports.
Recommendation: Store only needed fields, restrict Feishu sharing, review retention, and correct inaccurate records before rebuilding summaries.
Insecure Inter-Agent Communication
Severity: Medium. Confidence: High. Status: Note.
references/nutrition.md
lark-cli base +record-upsert --as user --base-token <base_token> --table-id <nutrition_meal_table_id_or_name>

The skill sends health data through a Feishu/Lark provider CLI using an identity and base token, creating an external data boundary.

User impact: Health records may be transmitted to and stored in the configured Feishu base.
Recommendation: Verify the target base and table before writing, avoid shared bases for private health data, and use a narrowly scoped token or identity.