Period Care Assistant
v0.1.0Track menstrual cycle history, answer current cycle status questions, record new period start dates from natural-language messages such as "月经来了", predict th...
⭐ 0· 86·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the actual behavior: a Node script that records period start dates, predicts next starts, and generates reminder plans. The only required runtime pieces are node/nodejs and a single PERIOD_TRACKER_KEY. No unrelated cloud credentials, system services, or surprising binaries are requested.
Instruction Scope
Runtime instructions are explicit: call the included scripts for record/status/configure/reminder-plan and keep all data in the encrypted local store. The instructions also show creating cron jobs whose payloads contain human-readable reminder text (including predicted start dates). That is coherent for reminder delivery, but those cron payloads or configured webhooks could expose sensitive health data if the cron store, logs, or webhook endpoints are not trusted.
Install Mechanism
No external installers or downloads; this is instruction-only with bundled Node scripts. Nothing is fetched from remote URLs or written from an external archive during install.
Credentials
Only a single secret is required (PERIOD_TRACKER_KEY) and an optional store path (PERIOD_TRACKER_STORE) is documented. The key is used to derive an AES-256-GCM data key for local encryption — this is proportionate to the stated goal of encrypted local storage.
Persistence & Privilege
always:false and normal autonomous invocation. The skill writes to its own encrypted state file (default in the skill's .state directory or an explicit PERIOD_TRACKER_STORE), and does not request system-wide privileges or modify other skills. Note: the flow recommends creating cron jobs/agent-turn payloads which, depending on your cron/cron-store visibility and delivery configuration, may leak reminders if not handled carefully.
Assessment
This skill appears to do what it says: a local, encrypted period tracker implemented as a Node script that needs one secret (PERIOD_TRACKER_KEY). Before installing: (1) keep PERIOD_TRACKER_KEY private and consider providing a per-skill key rather than a broader account secret; (2) set PERIOD_TRACKER_STORE to a secure path you control if you are concerned about where the encrypted file will live; (3) be cautious when configuring delivery-mode=webhook or creating cron jobs — verify that the webhook endpoint is trusted, uses HTTPS, and that cron job payloads and logs are not visible to third parties, since reminder text includes predicted start dates which are sensitive health data; (4) run the included tests locally to validate behavior. If you plan to connect external bridges (DingTalk/webhook), review their privacy/security before enabling automatic delivery.Like a lobster shell, security has layers — review code before you run it.
latestvk9756z1wypfc4aakbwtdp9txad8393fw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🩺 Clawdis
OSmacOS · Linux · Windows
Any binnode, nodejs
EnvPERIOD_TRACKER_KEY
Primary envPERIOD_TRACKER_KEY