Health Proactive
Pending
Static analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not work as packaged, or a user/agent may end up running unreviewed local code to perform the alerts.
The skill declares and instructs execution of a helper script, but the supplied manifest contains only SKILL.md and no install spec or code file, so the executable behavior is unavailable for review.
"requires": { "scripts": ["scripts/health_proactive.js"] } ... node scripts/health_proactive.js check
Do not run the referenced script unless it is included, reviewed, and matches the package; the skill should declare Node and provide the script with clear provenance.
Personal meal, hydration, or overdue-task reminders could be posted into a shared channel using whatever account or workspace access is available.
The skill plans to post alerts to a specific workspace channel, which requires delegated posting authority, but the metadata declares no credential or configuration boundary for that authority.
Alerts are posted to `#pj_openclaw` (`C0AHBLQ0P32`).
Require an explicit posting credential or tool permission, make the destination configurable, and ask for user confirmation before posting sensitive health or task alerts.
Past alert state may persist across sessions and could affect future reminders.
The skill persists alert state for duplicate prevention, which is purpose-aligned, but retention, clearing behavior, and the state filename, which sounds as though it belongs to a different skill, are not explained.
State is managed in the `proactive` section of `state/mention_image_analyzer_state.json`.
Document what is stored, how long it is kept, whether other skills share the file, and how the user can reset or delete the state.
