Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bio Reabilita Z

v1.0.3

Advanced rehabilitation protocol for complex injuries, combining AI, biometric analysis, nootropics and advanced physiotherapy to optimize recovery and...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
!
Purpose & Capability
The skill file is a medical rehabilitation manual (bio-rehabilitation, nootropics, hormone optimization, device/VR integration, and monetization). The package metadata contains no description and the manifest requests no binaries, credentials, or integrations. The content references other named skills/components (e.g., "Imortalbrain", "Testosterone-Optimization", "Skill PubMed") and continuous biometric monitoring, but the skill does not declare any of those dependencies, APIs, or required credentials — this is an inconsistency between the claimed capabilities and the declared requirements.
!
Instruction Scope
SKILL.md contains stepwise clinical recommendations (drug/nootropic use, hormone optimization, device-based therapy) and asks for continuous biometric analysis and data validation via PubMed, but it provides no safe boundaries, no consent/triage steps, and no technical instructions for interacting with data sources. It also names a specific operator (@Zbreda) and contains fundraising language. The instructions encourage actions (medication/hormonal optimization) that are clinically sensitive and would require medical oversight — yet there is no mechanism, credentials, or audit trail described for safe execution.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only. This minimizes supply-chain/code-execution risk, but it also means all runtime behavior would come from the agent following prose instructions rather than executed code.
!
Credentials
The skill asks the agent to access biometric data, PubMed data, and to integrate with other skills/services, but the manifest declares no environment variables, API keys, or required config paths. That mismatch is a red flag: the document expects access to sensitive data and third-party services without requesting the corresponding credentials or describing how access would be obtained or authorized.
Persistence & Privilege
The skill does not request persistent/always-on presence and uses default invocation settings (user-invocable, agent may invoke autonomously). There is no evidence it tries to modify other skills or system configs.
What to consider before installing
This skill is essentially a medical protocol document that instructs on drugs, hormone optimization, continuous biometric monitoring, and external integrations but provides no technical or safety details and declares no dependencies or provenance. Before installing or using it:
- Treat it as potentially unsafe medical advice — do not follow or implement pharmacological or hormonal steps without licensed clinical oversight.
- Ask the publisher for provenance: who authored it, clinical credentials, peer review, and data sources.
- Request technical details: what APIs/skills it integrates with, which credentials it needs, and how patient data and consent are handled.
- Avoid granting access to biometric data or other credentials until those questions are satisfactorily answered and appropriate legal/regulatory safeguards (consent, HIPAA/GDPR if applicable) are in place.
If the author can provide verifiable clinical oversight, declared integrations (with explicit required env vars/config), and safe-operating procedures, reassess; until then the manifest is inconsistent with the skill's claims.

Like a lobster shell, security has layers — review code before you run it.
