Skill v1.0.0

ClawScan security

Care · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 7:04 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill's description promises real-time biometric, diagnostic and intervention capabilities but the runtime instructions are only high-level prose with no concrete integrations, credentials, or install steps, creating an incoherent and potentially risky mismatch.

Guidance
This appears to be a conceptual or placeholder skill rather than a working integration. It makes high-privilege claims (real-time biometric telemetry, diagnostics, pharmacy orchestration) but provides no code, no install steps, and requests no credentials — an incoherence you should not ignore. Before installing or enabling this for any sensitive workflows:
1) ask the publisher for source code, a homepage, and concrete interface docs showing exactly what APIs, binaries, or devices it uses;
2) require a minimal, justified list of environment variables and a clear data-handling / privacy policy (HIPAA/regulatory compliance if applicable);
3) do not grant access to sensors, medical device interfaces, or cloud credentials until you can audit the implementation; and
4) prefer skills hosted on verifiable sources (repo/homepage) and with explicit install instructions rather than high-level prose.
If the author cannot provide such details, treat the skill as nonfunctional and avoid using it for real-world health workflows.

Review Dimensions

Purpose & Capability
Concern: The name and description claim real-time telemetry, diagnostics, automated interventions, and pharmacy orchestration — capabilities that normally require sensor access, cloud services, device drivers, and multiple credentials. The skill declares no required binaries, no env vars, no config paths, and no install steps, which is inconsistent with the stated purpose and suggests either an incomplete/stub skill or an implementation gap.
Instruction Scope
Concern: SKILL.md is conceptual and policy-oriented (ethics, CARE_STACK) but contains no concrete runtime instructions, API endpoints, file paths, or commands. The prose is vague and grants broad, undefined scope (e.g., 'Real-time processing', 'automated pharmacy orchestration') without constraints, which would let an agent attempt wide-ranging data collection or integrations if later paired with code.
Install Mechanism
OK: There is no install spec and no code files. That lowers immediate risk because nothing will be written to disk or executed as part of installation. However, being instruction-only also means the skill currently provides no verifiable implementation.
Credentials
Concern: The skill requests no environment variables or credentials, yet its claimed features would legitimately require many sensitive credentials (medical device APIs, cloud storage, pharmacy systems, genomic datasets). The absence of declared credentials is a mismatch — either the skill is nonfunctional or it will later require sensitive access not accounted for here.
Persistence & Privilege
Note: always is false and the skill is user-invocable (normal). disable-model-invocation is false so the agent could call the skill autonomously if implemented. That is the platform default and not itself a red flag, but combined with the vague high-privilege purpose it increases the importance of reviewing any future implementation and credential requests.