Recently, Wang et al. proposed a computationally transferable authenticated key agreement protocol for smart healthcare by adopting the certificateless public-key cryptography. They claimed that their protocol could ensure privacy, resist various attacks, and possess superior properties. After analyzing their protocol, we find that it suffers from some flaws. Firstly, user privacy is not ensured as claimed. Secondly, some statements are inaccurate or missing. Thirdly, it cannot resist DoS attack. In this paper, the details of how these flaws threaten Wang et al.’s protocol are shown.