Health Assistant

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's files and instructions broadly match a health/supplement advisor, but there are unexplained gaps: notably, it declares no required credentials despite claiming external API integration and shipping executable scripts. The package is therefore internally inconsistent and needs review before use.

This skill appears to implement the claimed health and supplement features, but several things don't add up and you should review before installing:

- Open and review scripts/health_manager.py and scripts/health_storage.py for any network calls, hard-coded endpoints, or calls that upload user data. Look for requests, urllib, socket, subprocess, or encrypted/obfuscated code.
- Confirm where user health data is stored and whether it's transmitted externally. If external APIs (ConsumerLab, Examine, PubMed) are used, ask the author which API keys are required and how they are provided; the skill currently declares no required env vars or credentials.
- Because the skill collects sensitive health information (medical history, medications, allergies), ensure you get explicit user consent and that data retention/erasure policies meet your privacy requirements. Prefer to run the skill in a sandboxed environment first.
- If you will provide API credentials, use scoped, revocable keys and avoid giving high-privilege accounts. Consider creating separate, limited accounts for testing.
- If you are not able to review the code, treat the skill as higher-risk and avoid giving it real patient data or allowing autonomous invocation.

If the author can explain why no credentials are declared (e.g., all external calls are optional and use public endpoints only) and can provide a security/privacy doc or code review showing no exfiltration, the package becomes more defensible. Without that, proceed cautiously.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
