Concept Explainer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to be a simple local medical-concept explainer with no network access or credential use, though it can optionally write output to a user-chosen file.
This appears safe to install from an agentic-security perspective. Treat its medical explanations as educational only, and if you use the output option, choose a safe workspace file path to avoid overwriting anything important.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent or user supplies an unsafe path, the script could overwrite a file the current user can write to.
The script writes to whatever output path is provided. This is purpose-aligned for saving results, but the path is not restricted to a workspace.
if args.output:
with open(args.output, 'w', encoding='utf-8') as f:
f.write(output)Use the output option only with an intended workspace filename, and consider adding path validation or overwrite protection.
Installing or invoking the skill means allowing this included Python script to run locally.
The skill is operated by running a local Python script. This is clearly disclosed and central to the skill's purpose.
python scripts/main.py --concept "thrombosis"
Review the included script if desired and run it in a normal workspace; no hidden execution behavior is evident in the artifacts.