Drug Pronunciation
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a simple local drug-pronunciation helper with no network or credential access, but its documentation overstates coverage and its optional output path can write wherever permitted.
This skill looks safe for basic local pronunciation lookup. Before installing, note that it appears to cover only a few drugs despite the broader documentation claim, and keep any output file path inside a safe workspace to avoid overwriting unrelated files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may expect much broader pronunciation coverage than the skill actually provides.
This broad coverage claim is not matched by scripts/main.py, which contains only five hardcoded drug entries. This is a capability overstatement rather than evidence of malicious behavior.
- Coverage of 1000+ common medications
Treat the tool as a small demo database unless the drug list is expanded; verify pronunciations independently for clinical or educational use.
If invoked with an important writable file path, the script could overwrite that file with pronunciation JSON.
The optional output feature writes to the exact path provided by the caller. This is user-directed and purpose-aligned, but there is no path restriction or overwrite protection.
    if args.output:
        with open(args.output, 'w', encoding='utf-8') as f:
            f.write(output)
Save outputs only to a dedicated workspace path, and consider adding path validation or overwrite confirmation if the skill is expanded.
