Dicom Anonymizer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is mostly aligned with DICOM anonymization, but it overstates HIPAA-grade privacy while preserving image pixels unchanged and creating potentially sensitive audit records.
Review carefully before using with real patient data. Treat the output as requiring validation for burned-in text, dates, private tags, and other residual PHI; protect audit logs; and pin/install dependencies in a trusted environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could share supposedly anonymized medical images while patient identifiers remain visible in the image data.
The skill claims compliance-grade de-identification while explicitly preserving pixel data unchanged; DICOM images can contain burned-in identifiers or other PHI in the pixels, so this assurance may be stronger than the artifacts support.
- **HIPAA Safe Harbor Compliant**: Meets de-identification standards for research use ... Image pixel data (7FE0,0010) preserved unchanged
Use this only as one de-identification step, validate outputs manually or with a trusted DICOM de-identification workflow, and do not rely on the HIPAA/compliance claim without independent review.
Audit logs may reveal sensitive file names, patient-linked identifiers, or research linkage information even when the DICOM output is anonymized.
The optional audit log stores persistent metadata about original files and patient-ID-derived hashes; paths or hashes can be sensitive or linkable.
"input_file": "/path/to/original.dcm", "output_file": "/path/to/anonymized.dcm", "original_patient_id_hash": "sha256:abc123...", "pseudonym": "ANON_0001"
Store audit logs in a protected location, avoid patient identifiers in file paths, review log contents before sharing, and delete logs when no longer needed.
The exact code installed from package repositories may vary by environment, which can affect reproducibility and security review.
The dependency file lists unpinned Python packages, so installations may resolve to different versions over time.
dataclasses pydicom
Pin dependency versions, install from trusted package indexes, and consider using a lockfile or isolated virtual environment.
A mistaken input/output path could process the wrong files or produce outputs that are assumed safe without review.
The skill supports recursive batch processing of local DICOM directories, which is expected for its purpose but can affect many files if paths are chosen incorrectly.
python scripts/main.py --input /path/to/dicom/folder/ --output /path/to/output/ --batch
Run on copies of data, use a separate output directory, keep overwrite disabled unless necessary, and inspect a sample of outputs before sharing.