Medical Device MDR Auditor
v1.0.0
Audit medical device technical files against EU MDR 2017/745 regulations.
by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description, SKILL.md, and scripts/main.py all describe and implement a directory-scanning auditor for EU MDR requirements (checking filenames, simple size heuristics, producing a report). Required binaries/env/configs are none, which matches an offline Python script. Minor oddity: requirements.txt lists dataclasses and enum (both in the standard library for targeted Python versions), but this is a benign packaging artifact.
Instruction Scope
The SKILL.md instructs the agent to run scripts/main.py and to validate input/output paths before running, which is within scope. Two practical cautions: (1) the script recursively scans the provided input path (Path.rglob), so pointing it at a high-level path (e.g., / or your whole user home) will enumerate many files — avoid passing broad/sensitive directories. (2) SKILL.md suggests editing an in-file CONFIG block; the code review did not show a clearly labeled CONFIG block in the truncated main.py, so there is mild mismatch between docs and code that should be confirmed before automated runs. Usage examples include an absolute user-specific workspace path (likely leftover from packaging) — harmless but signals it was packaged from a user machine.
Install Mechanism
No install spec; skill is instruction + included Python script. No network downloads or third‑party installers are required. This is the lowest-risk install model for a script-only skill.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The script operates on a user-supplied filesystem path only, which is appropriate for a file-audit tool.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or attempt to modify other skills. Autonomous invocation is allowed (platform default) but not combined with any other concerning privileges or credentials.
Assessment
This package appears to be an offline auditor implemented as a Python script; it does not request credentials or download external code. Before running: (1) review scripts/main.py locally (you already have it) and confirm there are no network calls or hidden behaviors (the reviewed portion showed none). (2) Do not run the tool against broad or sensitive directories — supply an explicit technical-file directory to avoid scanning unrelated files (and avoid PHI exposure). (3) Use the suggested safe checks first: python -m py_compile scripts/main.py and python scripts/main.py --help. (4) Treat outputs as heuristic: the script uses filename patterns and simple size checks and is not a substitute for legal/regulatory review. If you need higher assurance, run the script in a sandboxed environment or have a compliance expert review both the code and the generated report.
Like a lobster shell, security has layers — review code before you run it.
