ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Health Industry Specialist

v1.0.0

提供健康减重、美容美体方案,支持抖音内容运营、客户管理、智能预约及销售数据分析。

0· 58·0 current·0 all-time
by@lin77057742-cell

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lin77057742-cell/health-industry-specialist.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Health Industry Specialist" (lin77057742-cell/health-industry-specialist) from ClawHub.
Skill page: https://clawhub.ai/lin77057742-cell/health-industry-specialist
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install health-industry-specialist

ClawHub CLI

Package manager switcher

npx clawhub@latest install health-industry-specialist
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises CRM, appointment automation, Douyin/WeChat integration, payment sync and automatic replies — capabilities that normally require API credentials, integration code, and installable components. However, the skill declares no required env vars, no binaries, no install, and no code files. That mismatch suggests the skill as-published cannot actually perform the stated automated integrations.
Instruction Scope
SKILL.md and the reference docs are primarily guidance, templates, and pseudocode. They do not instruct the agent to read local secret files or call external endpoints, which is good, but they refer to automated behaviors (e.g., '抖音私信自动接入CRM', '预约系统对接抖音本地生活') without specifying how credentials or endpoints are provided. The instructions are high-level and leave broad implementation discretion, which is vague and could hide assumptions about external access.
!
Install Mechanism
There is no install spec (instruction-only), which is low-risk in itself, but SKILL.md lists a scripts/ directory (appointment-system.js, data-analysis.js, content-generator.js) that are not present in the package. That discrepancy is an incoherence: the skill references executable components that aren't shipped. It's unclear whether those scripts are expected to be provided at runtime, fetched dynamically, or simply omitted.
!
Credentials
The skill claims integrations with Douyin, WeChat, payment gateways and data synchronization, which normally require multiple credentials and webhook/config paths. Yet requires.env is empty and no primaryEnv is declared. Requesting no credentials while promising such integrations is disproportionate and ambiguous — either the skill cannot perform those tasks, or it expects the agent to obtain credentials by other means (not specified).
Persistence & Privilege
The skill does not request persistent presence (always:false) and defaults for autonomous invocation are standard. There is no indication it modifies other skills or system-wide configuration. Note: autonomous invocation combined with broad integration access would increase risk, but that's not present here.
Scan Findings in Context
[no_regexp_findings] expected: The regex-based scanner had no code to analyze because this is instruction-only and no code files are present. That absence of findings is expected for an instruction-only package but does not imply safety.
What to consider before installing
This package looks like a set of business templates, content guidance and pseudocode rather than a working integration. Before installing or using it for real customer data: (1) Ask the publisher for the missing scripts and for exact details of how external integrations (Douyin, WeChat, payment) are authenticated and where credentials are stored. (2) Do not provide real API keys, payment credentials, or personal health data until you review the actual integration code and security practices. (3) If you expect automated messaging/appointments, require a security review of any code that will access webhooks or third-party APIs and insist on least-privilege service accounts and auditing. (4) If the skill will process personal medical data, verify legal/regulatory compliance (local health data rules) and encryption/access controls. (5) If the author cannot provide the missing executable components and a clear integration plan, treat the skill as documentation-only and do not rely on it for automated operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e2bb2rd19fg6f7j9n04hs8185fn0e
58downloads
0stars
1versions
Updated 4d ago
v1.0.0
MIT-0
@lin77057742-cell
latest
Download

健康产业专家技能

描述

专为小怪瘦(厦门)健康产业有限公司定制的健康产业专家技能。专注于健康减重、美容美体业务,支持抖音本地生活运营、客户管理、智能预约和行业知识库。

适用场景

  • 健康减重咨询与方案制定
  • 美容美体服务推荐
  • 抖音内容策划与运营
  • 客户关系管理(CRM)
  • 智能预约系统
  • 减重知识库查询
  • 销售数据分析

核心功能

1. 抖音运营支持

  • 本地生活内容策划
  • 短视频脚本生成
  • 评论自动回复
  • 数据分析与优化

2. 客户管理

  • 客户档案管理
  • 服务记录跟踪
  • 预约管理
  • 跟进提醒

3. 健康减重专家

  • 个性化减重方案
  • 营养饮食建议
  • 运动计划制定
  • 进度跟踪

4. 美容美体顾问

  • 皮肤分析建议
  • 美容项目推荐
  • 美体方案制定
  • 效果评估

5. 数据分析

  • 销售数据分析
  • 客户转化率分析
  • 服务效果评估
  • 市场趋势分析

使用方法

基本查询

健康减重咨询:[用户需求]
美容美体建议:[用户情况]
抖音内容策划:[主题]
客户管理:[操作]

数据分析

销售数据分析:[时间段]
客户转化分析:[渠道]
服务效果评估:[服务类型]

文件结构

health-industry-specialist/
├── SKILL.md
├── references/
│   ├── weight-loss-knowledge.md
│   ├── beauty-knowledge.md
│   ├── douyin-operations.md
│   └── crm-templates.md
└── scripts/
    ├── appointment-system.js
    ├── data-analysis.js
    └── content-generator.js

注意事项

  1. 所有健康建议仅供参考,需结合专业医师意见
  2. 客户数据需严格保密
  3. 抖音内容需符合平台规范
  4. 定期更新行业知识库

更新日志

  • v1.0.0: 初始版本,专为小怪瘦健康产业定制

Comments

Loading comments...