clawcoach-core
ClawCoach is an AI health coach that tracks nutrition and provides personalized coaching through supportive or tough love personas.
Install this skill
or
64/100
Security score
The clawcoach-core skill was audited on Feb 28, 2026 and we found 8 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 19
Access to hidden dotfiles in home directory
SourceSKILL.md
| 19 | This skill reads and writes files ONLY within `~/.clawcoach/`: |
medium line 20
Access to hidden dotfiles in home directory
SourceSKILL.md
| 20 | - `~/.clawcoach/profile.json` — your name, age, calorie targets, dietary preferences, coach persona choice |
medium line 21
Access to hidden dotfiles in home directory
SourceSKILL.md
| 21 | - `~/.clawcoach/food-log.json` — your logged meals and macros |
medium line 27
Access to hidden dotfiles in home directory
SourceSKILL.md
| 27 | Before any interaction, check if `~/.clawcoach/profile.json` exists. |
medium line 40
Access to hidden dotfiles in home directory
SourceSKILL.md
| 40 | 1. Update `persona` in `~/.clawcoach/profile.json` |
medium line 69
Access to hidden dotfiles in home directory
SourceSKILL.md
| 69 | Read `~/.clawcoach/food-log.json`, filter for today's date, calculate totals, and present: |
medium line 92
Access to hidden dotfiles in home directory
SourceSKILL.md
| 92 | When calculating daily totals, read `~/.clawcoach/food-log.json` and sum all CONFIRMED meals for today's date: |
low line 4
Unicode escape sequences
SourceSKILL.md
| 4 | emoji: "\U0001F3CB" |
Scanned on Feb 28, 2026
View Security Dashboard