v1.0.2
2026/02/01
- Renamed skill from "health-tracker" to "healthcheck" - Simplified and rewrote documentation for conciseness and clarity - Shortened all Node.js one-liners for recording and managing water and sleep data - Updated data format: renamed fields (e.g., "timestamp" → "time"), edited usage examples - Removed metadata and some advanced examples (e.g., reminders, detailed stats) - Focused on essential file operations: add, update, delete, and stats for water/sleep records
Security Scan
状态
clean
OpenClaw
gpt-5.5
OpenClaw 分析
This is a small local water and sleep tracker that writes to one JSON file, with some usability and validation cautions but no evidence of hidden or malicious behavior.
置信度: high
VirusTotal
Type: OpenClaw Skill Name: healthcheck Version: 1.0.2 The skill is classified as suspicious due to the potential for prompt/command injection. The `SKILL.md` file instructs the AI agent to execute `node -e` commands that directly embed user input variables (`CUPS`, `NEW_CUPS`) into the JavaScript string. If the OpenClaw platform does not strictly sanitize these variables to numerical values, an attacker could inject arbitrary JavaScript code, leading to unauthorized execution. While there is no explicit malicious intent (like data exfiltration or persistence) within the provided code, this mechanism presents a significant security risk.