ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chinese Medicine

v1.0.0

Guide users through Chinese Medicine body constitution, symptom pattern insights, safe acupressure points, and herbal knowledge with wellness-focused recomme...

0· 97·0 current·0 all-time
by走过@1970168137
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the provided assets: constitution questionnaires, symptom-pattern mapping, herb database, formulas, contraindications and acupoint references. The included JSON reference files are coherent with a TCM wellness guidance skill and would legitimately be used to power the described features.
!
Instruction Scope
SKILL.md explicitly forbids diagnosis and prescribing and limits actionable guidance to acupressure and lifestyle recommendations. However, the shipped reference files contain practitioner-level, actionable details (needling insertion depths, formula dosages, detailed contraindications like labor-inducing points, and specific herb dosages). This is an internal inconsistency: unless the runtime instructions strictly redact or ignore those fields, the agent could surface needling instructions or exact dosages, which contradicts the stated non-prescriptive boundaries and may be harmful.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute — lowest install risk. All data is local in JSON; nothing is downloaded or executed at install time.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not require access to external secrets or unrelated services.
Persistence & Privilege
Skill is not marked always:true and uses default invocation settings. It does not request elevated or persistent system privileges.
What to consider before installing
This skill is mostly coherent with its stated purpose and contains useful safety data (contraindications, pregnancy warnings, drug interactions). However, it also includes practitioner-level details (needling depths, formula dosages) that conflict with the SKILL.md rule against prescribing or providing invasive instructions. Before installing, confirm how the agent will treat those fields: ideally remove or redact needling and dosage fields from the public references or update runtime rules to never disclose them. Ensure the mandatory health disclaimer is enforced for every health-related reply, add explicit runtime checks (e.g., ask about pregnancy/medications and refuse to provide potentially harmful points/herbs), and test the skill with sample prompts (including pregnant user scenarios and requests for dosing or needling) to verify it refuses or returns only safe, non-prescriptive content. If you intend to use the skill for professional-level guidance, require a licensed practitioner step-in; otherwise, strip practitioner-only details to reduce risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk972bz1xcj02hgp1p2v30b6j7n838apy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments