v1.0.0

personal health manager

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:54 AM.

Analysis

The skill is coherent for health tracking and shows no hidden network exfiltration or deceptive behavior, but it handles sensitive health data that users should protect.

GuidanceBefore installing or using this skill, be comfortable with storing sensitive health information locally in ~/.health_data. Share only the details needed for your request, confirm any medication or reminder changes, and rely on qualified medical professionals for diagnosis, treatment, or emergencies.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

scripts/health_manager.py

def update_medication(med_id: int, updates: dict) -> dict: ... med.update(updates) ... def delete_medication(med_id: int) -> bool:

The local helper supports changing and deleting medication records, which is expected for a health manager but could matter if done accidentally.

User impactAn accidental update or deletion could make the local medication or reminder list misleading.

RecommendationRequire clear user confirmation before modifying or deleting medication and reminder records, and keep backups for important health records.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

scripts/health_manager.py

DATA_DIR = Path.home() / ".health_data" ... "profile.json": {}, "medications.json": [], "reminders.json": [], "records.json": []

The helper initializes persistent local JSON files for health profile, medications, reminders, and health records, which are sensitive data.

User impactPrivate health details may remain on the device and could influence later advice if they are inaccurate, stale, or accessed by someone with filesystem access.

RecommendationOnly enter health information you want stored, review stored values for accuracy, and protect or delete the ~/.health_data directory when appropriate.