WHO Growth Charts

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the dependencies pulls code from the configured Python package index, which can affect local security and reproducibility.

Why it was flagged

The setup instructions use user-directed, unpinned Python package installation. This is purpose-aligned for a Python charting/data-processing skill, but it relies on the user's package source and current package versions.

Skill content

pip install pandas matplotlib scipy openpyxl

Recommendation

Install dependencies from a trusted package index or environment; consider pinning versions if reproducibility matters.

What this means

The skill may contact WHO's CDN and cache downloaded reference files before producing charts.

Why it was flagged

The script downloads official WHO reference files from a remote CDN and caches them locally. This is disclosed and central to the skill's purpose, but chart output depends on remote file availability and integrity.

Skill content

WHO_CDN_CHILD = "https://cdn.who.int/media/docs/default-source/child-growth/child-growth-standards/indicators"

Recommendation

Use the skill only when network access to WHO is acceptable; clear the local cache if you do not want downloaded reference files retained.

What this means

Child growth charts may remain on disk and could reveal personal health information to anyone with access to the workspace.

Why it was flagged

Generated chart files can persist child identifiers and health measurements locally. This is expected for a chart-generation tool, but users should treat the output directory as sensitive.

Skill content

`name`: Child's name (used in chart title) ... By default, charts and cache are written to: `<workspace>/who-growth-charts/`

Recommendation

Choose a private output directory, avoid sharing generated charts unintentionally, and delete outputs when no longer needed.

What this means

If the optional Withings workflow is used, health data may be written to a temporary file and then consumed by this charting script.

Why it was flagged

The documentation describes an optional handoff from another skill into this one using a temporary JSON file. It is disclosed and user-directed, but it can involve health data from another service.

Skill content

Combine with `withings-family` skill to fetch weight data automatically: `python3 ../withings-family/scripts/withings.py emma body > /tmp/withings.json`

Recommendation

Use the Withings example only if you trust the other skill and are comfortable storing the exported health data locally; remove temporary files afterward.