Health Assistant
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned and shows no exfiltration or hidden execution, but it stores sensitive health information locally and should be treated as private.
This skill looks coherent for a personal health assistant, but it handles private medical information. Before using it, decide whether you want health profiles, medication lists, reminders, and records stored under ~/.health_data, and avoid relying on it as a substitute for professional medical care.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private health details may remain on the device after use, and outdated stored data could influence later health guidance.
The skill persists sensitive health profile, medication, reminder, and health-record data locally for later reuse.
DATA_DIR = Path.home() / ".health_data" ... "profile.json", "medications.json", "reminders.json", "records.json"
Only store information you are comfortable keeping locally, periodically review or delete ~/.health_data, and verify important health decisions with a professional.
An accidental or misunderstood request could change or remove local medication records.
The included helper code can update or delete local medication records, which is purpose-aligned but should be user-directed.
def update_medication(med_id: int, updates: dict) ... def delete_medication(med_id: int) ... json.dump(meds, open(DATA_DIR / "medications.json", 'w'), indent=2)
Confirm with the user before editing or deleting stored health records, and consider backing up important local health data.
Users have less registry-provided assurance about where the included code came from.
Registry-level provenance is not established for a skill that includes local scripts, even though the scripts themselves appear simple and purpose-aligned.
Source: unknown; Homepage: none
Review the included scripts before running them and prefer verified publishers or source links when handling sensitive health data.