Medical

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill appears coherent and local-first with no evidence of exfiltration, but it stores and can export sensitive medical information that users should handle carefully.

This skill looks purpose-aligned and local-first, but it is meant to hold highly sensitive medical details. Before installing, be comfortable with local persistent storage under the OpenClaw workspace, review any emergency-card output before saving or sharing it, and continue treating medication-interaction and vital-sign summaries as organizational aids rather than medical advice.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your medications, symptoms, vitals, contacts, and medical history may remain available to the agent in future health-related tasks.

Why it was flagged

The skill deliberately persists sensitive health records in local agent workspace memory so they can be read and reused for later summaries.

Skill content

All health data is stored locally only under: `~/.openclaw/workspace/memory/health`

Recommendation

Only store information you are comfortable keeping locally, keep the workspace private, periodically review/delete old records, and treat saved free-text notes as data rather than instructions.

What this means

If the output path is poorly chosen, sensitive health details could be saved in a public, synced, or unintended location, or an existing local file could be overwritten.

Why it was flagged

The emergency-card tool can write sensitive health-summary output to a user/agent-selected local path.

Skill content

`parser.add_argument('--output', help='Save to file')` ... `with open(args.output, 'w') as f:`

Recommendation

Confirm the destination before saving emergency cards, avoid public or cloud-synced folders unless intended, and use display-only output when you do not need a file.

What this means

One helper script was not manually reviewable from the provided artifact text, although the static scan reported no suspicious findings.

Why it was flagged

The manifest lists a medication-listing helper, but that file's full source was not included in the supplied contents. This is a review-completeness note, not evidence of malicious behavior.

Skill content

`scripts/list_medications.py` (1781 bytes); …[remaining files truncated, 1 file(s) omitted]

Recommendation

Review the complete source package when available before relying on the skill for sensitive health records.