Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CareMax Members

v1.0.0

Manage family members in CareMax Health. Use when a user asks about family health tracking, switching between family member profiles, or viewing another fami...

by Qitao Yang @kittenyang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kittenyang/caremax-members.

Install the skill "CareMax Members" (kittenyang/caremax-members) from ClawHub.
Skill page: https://clawhub.ai/kittenyang/caremax-members
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install caremax-members

ClawHub CLI

npx clawhub@latest install caremax-members
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's description (manage family/family-member data in CareMax) matches the API calls shown. However, it mandates a sibling dependency ('../caremax-auth') for authentication that is not declared in the registry metadata. Requiring an auth helper is reasonable, but the dependency should be explicitly declared so users know what's needed and where code will be executed from.
! Instruction Scope
SKILL.md instructs the agent to execute ../caremax-auth/scripts/api-call.sh and, if missing credentials, to immediately run ../caremax-auth/scripts/auth-flow.sh in the background. This directs the agent to execute arbitrary scripts in a relative path outside the skill's own files and to autonomously start an auth flow — both of which are outside the narrow 'list/switch family members' description and could trigger network calls, credential storage, or other side effects without further disclosure.
Install Mechanism
There is no install spec and no code files in this skill itself (instruction-only), so nothing is installed by the skill package. The execution risk comes from calling sibling scripts, not from an install mechanism in this skill.
! Credentials
The skill declares no required environment variables or credentials, yet it depends on external auth scripts which presumably manage credentials. Because those credential requirements are hidden (not declared in requires.env or primaryEnv), the skill's metadata understates the sensitive access it needs. That mismatch reduces transparency about what secrets or accounts will be used.
Persistence & Privilege
always:false and no special OS restrictions — the skill itself does not request permanent inclusion. However, the instruction to 'immediately run ... auth-flow.sh' in the background could create a persistent process or auth state on disk (depending on what the sibling script does). The skill does not declare that behavior in metadata.
What to consider before installing
This skill appears to be what it claims (managing family members), but it implicitly requires and will execute scripts from a sibling package (../caremax-auth) that are not declared in the skill metadata. Before installing or running the skill:

  1) Verify the source of the caremax-auth package and install it explicitly from a trusted origin.
  2) Inspect ../caremax-auth/scripts/api-call.sh and auth-flow.sh to see what network endpoints they call, how credentials are obtained/stored, and whether they prompt for input.
  3) Ask the skill author to declare caremax-auth as a dependency and to document the auth flow and any credential storage locations.
  4) Refuse automatic background auth flows unless you understand and consent to what they do; prefer a workflow that prompts the user before starting network-authentication processes.

If you cannot inspect or verify the sibling scripts, treat this skill as higher risk and avoid granting it access to live credentials or systems.

Like a lobster shell, security has layers — review code before you run it.

latest vk970p63vv1acfbkdm3pex9wk1d83vr3z
96 downloads
0 stars
1 version
Updated 4w ago
v1.0.0
MIT-0

CareMax Family Members

Requires caremax-auth as a sibling directory (../caremax-auth/). If missing, tell the user to install caremax-auth first (e.g. npx skills add KittenYang/caremax-skills).

List and work with family member profiles. CareMax supports tracking health data for multiple family members.

Prerequisites — Auto-Auth (MANDATORY)

APICALL="bash ../caremax-auth/scripts/api-call.sh"

If api-call.sh returns {"error":"no_credentials",...}, immediately run bash ../caremax-auth/scripts/auth-flow.sh [base_url] in background (from this skill’s root). If the user specified a custom URL, pass it as the argument.
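A guarded wrapper around the two sibling scripts, as an added example that is not part of the skill or of caremax-auth. It departs from the instruction above in the way the scan recommends: on no_credentials it stops until the user opts in, and then runs auth-flow.sh in the foreground. The function names and the CAREMAX_AUTH_CONSENT and CAREMAX_BASE_URL variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the skill. CAREMAX_AUTH_CONSENT and
# CAREMAX_BASE_URL are variable names assumed by this example.

# Return 0 only if both sibling scripts are regular, non-symlinked files.
# Refusing symlinks is a conservative choice made for this example.
caremax_preflight() {
    dir=${1:-../caremax-auth}
    for s in api-call.sh auth-flow.sh; do
        f="$dir/scripts/$s"
        if [ -L "$f" ]; then
            echo "refusing symlinked script: $f" >&2; return 2
        fi
        if [ ! -f "$f" ]; then
            echo "missing $f: install caremax-auth first" >&2; return 1
        fi
    done
    return 0
}

# Return 0 if the response is the no_credentials error shown in SKILL.md.
# Whitespace is stripped first so pretty-printed JSON also matches.
caremax_needs_auth() {
    compact=$(printf '%s' "$1" | tr -d ' \t\r\n')
    case $compact in
        *'"error":"no_credentials"'*) return 0 ;;
        *) return 1 ;;
    esac
}

# caremax_call DIR METHOD PATH [BODY]
# Returns 3, without touching auth-flow.sh, when credentials are missing
# and the user has not opted in; otherwise runs the flow in the foreground.
caremax_call() {
    dir=$1; shift
    caremax_preflight "$dir" || return $?
    resp=$(bash "$dir/scripts/api-call.sh" "$@") || true
    if caremax_needs_auth "$resp"; then
        if [ "${CAREMAX_AUTH_CONSENT:-no}" != "yes" ]; then
            echo "no credentials: review auth-flow.sh, then set CAREMAX_AUTH_CONSENT=yes" >&2
            return 3
        fi
        bash "$dir/scripts/auth-flow.sh" ${CAREMAX_BASE_URL:+"$CAREMAX_BASE_URL"} || return $?
        resp=$(bash "$dir/scripts/api-call.sh" "$@") || true
    fi
    printf '%s\n' "$resp"
}
```

Call it as caremax_call ../caremax-auth GET /api/skill/members from the skill's root; a return code of 3 means the auth flow was not started.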

List Members

$APICALL GET /api/skill/members

Response: {"members":[{"id":"...","name":"...","gender":"...","relationship":"self","is_default":1},...]}

Using memberId in Other Queries

Pass memberId to scope queries to a specific family member:

# Indicators for a specific member
$APICALL GET "/api/skill/indicators?memberId=xxx"

# Records for a specific member
$APICALL POST /api/skill/records/query '{"memberId":"xxx"}'

# Search for a specific member
$APICALL POST /api/skill/records/search '{"query":"血常规","memberId":"xxx"}'

Recommended Workflow

"show my wife's blood sugar":

# 1. Find spouse member
$APICALL GET /api/skill/members
# 2. Get indicators for that member (extract spouse's id)
$APICALL GET "/api/skill/indicators?memberId={spouse_id}"
# 3. Get trend for blood sugar indicator
$APICALL GET "/api/skill/indicators/trend?id={indicator_uuid}"

Notes

  • Every account has a default member (is_default: 1 = the user themselves)
  • If no memberId specified, queries return data for the default member
  • relationship values: self, spouse, child, parent, sibling, other
