← Back to Skills Marketplace
mxyjhelowin

Mxyj Heartplus Ecg

by mxyj@helowin · GitHub ↗ · v0.0.7 · MIT-0
cross-platform ⚠ suspicious
380
Downloads
2
Stars
1
Active Installs
7
Versions
Install in OpenClaw
/install mxyj-heartplus-ecg
Description
这是一个用于心脏+ App 的心电健康管理技能,主要功能包括:1.发送心电检测通知并联动 Apple Watch 获取心电时序数据;2.基于心电时序数据通过心电分析算法输出报告与解读;3.查询已生成的心电分析报告(历史、最新、指定报告)。本技能需与心脏+ App 配合使用,使用前请先在 iPhone 上安装并登录...
Usage Guidance
What to check before installing or running this skill: - Verify the external installers and binaries: the skill will (a) suggest installing 'uv' via a script hosted at astral.sh and (b) download and execute 'healthgateway' binaries from an OSS URL. Ask the author for signed releases or independent verification (signed artifacts or reproducible sha256 checks). Manually compare the downloaded files' sha256 hashes with those in config.json before execution. - Audit endpoints: the API base_url (default https://api.995120.cn) and the OSS host are external services you will contact. Confirm you trust these services and understand their privacy/security policies. - Consider running in a sandbox: because the skill downloads and executes binaries and makes network calls, run it in an isolated environment (container or VM) if you want to limit blast radius. - Review data flow and privacy: the skill stores phone numbers and session authorization state locally and requires session-key values to operate. Ensure you are comfortable with local storage of phone numbers and with an agent returning raw script outputs — if a script produces unexpected fields, the policy requires the agent to paste them verbatim. - Ask the developer for clarification: request the canonical source for 'uv' (official package or trusted repo) and provenance/signature for the healthgateway binaries; ask for evidence that the astral.sh installer is safe or a recommended alternative (e.g., install from official package manager). - If you cannot verify the binaries or sources, do not run the automatic installer; instead manually vet and install needed tools from trusted sources, and only run scripts after verifying hashes. If you want, I can: - Extract and list all external URLs and binaries the skill uses (install scripts, API endpoints, OSS links, sha256 values) so you can verify them, - Or produce a concise checklist and commands to verify downloaded file hashes and to run the skill safely in a sandboxed environment.
Capability Analysis
Type: OpenClaw Skill Name: mxyj-heartplus-ecg Version: 0.0.7 The skill facilitates ECG health management by interacting with the 'Heart+' App API (api.995120.cn). A significant security risk is identified in `gateway_manager.py`, which automatically downloads and executes platform-specific binaries from an external Aliyun OSS bucket (`aigc-online.oss-cn-hangzhou.aliyuncs.com`) to handle encrypted API communication. While this is aligned with the stated purpose of the skill, the execution of remote binaries is a high-risk capability. Additionally, `SKILL.md` contains highly prescriptive 'critical instructions' designed to strictly steer the AI agent's behavior and output formatting, and the skill collects user phone numbers which are stored locally in `config.json`.
Capability Assessment
Purpose & Capability
The skill name/description (heart ECG: send notify, fetch Apple Watch ECG, produce and show reports) aligns with required items: it needs a local runner ('uv'), scripts to manage phone/session, gateway for secure comms, and API calls to a backend. Requiring 'uv' and having scripts that call a gateway binary and remote APIs is coherent with the stated functionality.
Instruction Scope
SKILL.md tightly constrains agent behavior (sessionKey rules, not exposing internal process), but also enforces a strict 'copy & paste' policy: the agent must return raw Markdown output from the scripts without modification. That policy means any content produced by the scripts (including accidental sensitive fields) will be verbatim returned to users. The instructions also require reading local references and config.json and executing several scripts that will call remote APIs and the gateway binary. Those actions are within the skill's purpose but increase the risk surface because the agent is mandated to expose script output exactly as-is.
Install Mechanism
The install spec requires installing 'uv' and includes platform-specific download/install entries. The provided download URL for the 'uv' installer (https://astral.sh/uv/install.sh and install.ps1) is a third-party script (not a canonical system package host) — executing such a script has moderate-to-high risk. The skill also downloads platform binaries (healthgateway-*) from an OSS URL (aigc-online.oss-cn-hangzhou.aliyuncs.com) and runs them locally; those downloads include sha256 values in config.json which helps mitigate risk, but downloading and executing remote binaries is inherently risky and requires verifying the hashes and provenance.
Credentials
The skill requests no environment variables or unrelated credentials. It stores per-session phone numbers and session auth state in a local config.json, which is consistent with its need to manage phone/session-level authorization. No secrets or cloud credentials are requested by the skill manifest itself.
Persistence & Privilege
always:false (no forced inclusion). The skill writes/reads its own config.json and caches report_list_cache.json and creates a bin/ directory for the gateway binary — behavior consistent with a client that manages local binaries and per-session data. It does not request system-wide privileges or modify other skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mxyj-heartplus-ecg
  3. After installation, invoke the skill by name or use /mxyj-heartplus-ecg
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.7
- 新增针对不同操作系统的 uv 安装方式指引(支持 macOS、Linux、Windows),完善 config.json install 流程。 - SKILL.md 中命令安装部分优化,添加跨平台 uv 安装脚本与平台说明字段。 - 其余运行逻辑和用户使用方式无变化。
v0.0.6
- Improved error output formatting in api_manager.py, ensuring all script exceptions and error messages are returned as a standard JSON error structure ({"error": ...}) for better downstream handling and user feedback. - No changes to user-facing features or core workflow.
v0.0.5
## mxyj-heartplus-ecg v0.0.5 Changelog - 更新心脏+ App 的 App Store 下载链接,修正并统一为产品最新上架信息。 - 优化交互话术库及模板,调整部分用户提示用语。 - 修正部分依赖描述及最小环境配置说明。 - 文档/说明细节微调,确保业务执行及合规一致性。
v0.0.4
## mxyj-heartplus-ecg v0.0.4 Changelog - Updated config.json and scripts/gateway_manager.py files. - Likely fixed or improved handling of gateway or security authorization. - No changes to user-facing workflow or capabilities described in documentation. - General maintenance and dependency update (see file changes for technical details).
v0.0.3
- 增强症状识别,支持根据用户输入自动判别心电测量、解读或报告查询动作,并细化普通/高风险场景处理。 - 新增高风险症状自动输出就医提醒及分层免责声明,优化合规与用户安全提示。 - 调整会话启动逻辑,实现状态优先入口判定,已认证会话不再重复前置确认。 - 进一步规范用户交互话术,默认采用共情三段式短句与FAQ分层回复,提升对话体验。 - 明确 Apple Watch 设备和 App 版本号要求,报告输出协议与前置自检机制保持严格直通。 - 优化文档结构和触发边界说明,完善能力主张与产品价值描述。
v0.0.2
- 新增会话启动欢迎语与用户确认流程,首次加载必须提示并等待用户“确认/是”回复后再继续操作。 - 欢迎语包含心脏+ App 官方 iOS 下载链接,提示用户提前下载安装登录。 - 用户提示模板、所有 App 提示场景同步补充 App Store 下载链接。 - 明确会话预检分为“欢迎/确认”与“状态/授权”两阶段,强化对话流程控制。 - 无功能变更,主要针对用户入门流程和话术规范增强。
v0.0.1
- Initial release of mxyj-heartplus-ecg for 心脏+ App ECG tasks and report queries. - Supports phone binding, app authorization, secure session validation, and ECG report retrieval. - Strict requirements for session-key isolation and explicit parameter passing in all commands. - Mandatory COPY & PASTE of script-produced Markdown content in agent replies; no summaries or rewording allowed. - Only available to users with China mainland phone numbers and iPhone with 心脏+ App. - Includes detailed boundary handling, error prompts, and minimal user-facing messaging.
Metadata
Slug mxyj-heartplus-ecg
Version 0.0.7
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 7
Frequently Asked Questions

What is Mxyj Heartplus Ecg?

这是一个用于心脏+ App 的心电健康管理技能,主要功能包括:1.发送心电检测通知并联动 Apple Watch 获取心电时序数据;2.基于心电时序数据通过心电分析算法输出报告与解读;3.查询已生成的心电分析报告(历史、最新、指定报告)。本技能需与心脏+ App 配合使用,使用前请先在 iPhone 上安装并登录... It is an AI Agent Skill for Claude Code / OpenClaw, with 380 downloads so far.

How do I install Mxyj Heartplus Ecg?

Run "/install mxyj-heartplus-ecg" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mxyj Heartplus Ecg free?

Yes, Mxyj Heartplus Ecg is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Mxyj Heartplus Ecg support?

Mxyj Heartplus Ecg is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Mxyj Heartplus Ecg?

It is built and maintained by mxyj@helowin (@mxyjhelowin); the current version is v0.0.7.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments