ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Photo Calorie Tracker

v1.0.0

Photo Calorie Tracker - Recognizes food photos, logs daily calorie intake, and analyzes any date range. Use when: the user sends food images or asks about ca...

0· 153·0 current·0 all-time
by@bobo23456
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the behavior: the SKILL.md and scripts focus on recognizing food images, estimating calories, logging daily records, and producing reports. The files referenced (workspace memory, temp image dir, and a local target_calorie config) are coherent with the stated purpose.
Instruction Scope
Instructions explicitly tell the agent to copy images into /root/.openclaw/workspace/temp_qqdata/, use the platform 'image' tool, and read/write per-day markdown records under /root/.openclaw/workspace/memory/. This is within the skill's scope but does require the skill to read and write files in the agent's workspace (including user-provided images). The SKILL.md and the script assume specific record formats and (in the script) Chinese section headings (grep '午餐'/'晚餐'), which may cause functional mismatches but not a security issue.
Install Mechanism
No install spec or external downloads; only an included bash script (scripts/report.sh) and some config/text files. No archives or remote code fetches detected.
Credentials
The skill requires no environment variables, credentials, or external service tokens. All file access is to workspace paths declared in SKILL.md and present in the bundle (config/target_calorie.txt).
Persistence & Privilege
always is false and the skill does not request system-wide changes or modify other skills. It will read/write its own workspace files (normal for this kind of skill).
Assessment
This skill appears internally consistent: it analyzes food photos using the platform 'image' tool and reads/writes files in /root/.openclaw/workspace (temp images and per-day memory markdown files). Before installing, consider: (1) it will store and read any images you copy into the temp folder — avoid placing sensitive photos there; (2) the included shell script reads per-day markdown records and expects certain headings (the script searches for Chinese labels), so you may need to adapt record formatting; (3) there are no network calls or credentials requested by the skill, so it doesn't exfiltrate data by design, but you should still confirm you trust the skill source because it will access files in the agent workspace.

Like a lobster shell, security has layers — review code before you run it.

latestvk9767cwvmttphdfxy23s39jwh983491q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments