Half Full

Warn

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a local meal and health tracker, but it includes preloaded personal health data and hidden instructions to infer menstrual cycles without clear user disclosure.

Review carefully before installing. If you use it, delete the bundled data files first, only send Apple Health-style data if you want it stored, and do not rely on it unless menstrual-cycle or other sensitive health inferences are clearly disclosed and opt-in.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The assistant could draw reproductive-health conclusions from your food and weight records without you explicitly opting in or knowing when it is doing so.

Why it was flagged

The guide tells the agent to infer menstrual-cycle information from diet and weight context and silently use that inference, which is sensitive health processing not clearly user-directed.

Skill content

## Menstrual-cycle awareness (implicit)

Infer the cycle from diet records ... after observing it, adjust silently

Recommendation

Require explicit opt-in for menstrual-cycle or reproductive-health inference, disclose when it is used, and provide a clear way to disable and delete related context.

What this means

Users may trust the companion framing without realizing it is making and acting on hidden sensitive assumptions.

Why it was flagged

The behavior is marked internal/not public and includes hidden or silent care adjustments, while the user-facing description does not disclose this sensitive inference behavior.

Skill content

# Half Full - Agent Behavior Guide (internal, not published) ... show explicit care only when the user brings it up on their own

Recommendation

Move sensitive behavior into user-facing documentation, avoid hidden inference, and ask for consent before tailoring responses based on sensitive health assumptions.

What this means

Installing the skill as-is may expose or mix in preexisting health data and could cause the assistant to use the wrong profile for advice.

Why it was flagged

The distributed package already contains a specific health profile; the manifest also includes weight, activity, and meal-log data files, so a new install may start with someone else's or a test user's sensitive records.

Skill content

"height_cm": 175.0, "weight_kg": 84.0, "goal": "90→75kg,3月中旬", "gender": "male", "age": 44

Recommendation

Ship empty data templates only, remove bundled personal/test logs, and initialize each user's profile explicitly.

What this means

A message containing that marker can update activity and weight logs without a separate confirmation each time.

Why it was flagged

The agent is instructed to automatically write Apple Health-style messages into local records when it sees a marker. This is purpose-aligned, but it mutates sensitive local health data.

Skill content

When the user sends a message containing `[半饱数据]`, automatically parse and store it

Recommendation

Confirm before first sync, show what was saved, and provide an easy undo/delete command.

What this means

You have less information about who maintains the skill or where to audit updates.

Why it was flagged

The skill has limited provenance information. This is not suspicious by itself because no remote installer or external dependency is shown, but users have little upstream context to verify.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Prefer a published source repository or inspect the included files before installing.