Skill flagged: suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Patient Consent Simplifier

v1.0.0

Simplify informed consent documents into patient-friendly language while maintaining regulatory compliance (FDA 21CFR50, ICH-GCP, HIPAA) and required legal e...

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Pending

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description (simplify consent forms while preserving regulatory elements) align with the included Python script's intent to simplify text. However, SKILL.md claims support for PDF input, a compliance checklist, and mandatory PHI/PII detection that are not implemented in scripts/main.py — this is a functional mismatch (overpromising capabilities).
Instruction Scope
SKILL.md instructs the agent to perform a mandatory sensitive-data check, validate compliance against a required-elements checklist, and accept PDFs; none of these steps are implemented in the runtime code. The workflow and error-handling expectations in SKILL.md therefore grant broader authority and responsibility than the code actually performs.
Install Mechanism
Instruction-only with a single small Python script and no install spec, external downloads, or binaries required. No install-time risks detected.
Credentials
The skill requests no environment variables, credentials, or config paths. The lack of requested secrets is proportional to its stated purpose.
Persistence & Privilege
The skill is not forced-always, has no elevated persistence requirements, and does not request modification of other skills or system-wide settings.
What to consider before installing
This skill appears to be a small demo/text-only simplifier, but its documentation promises extra safeguards and features that are not implemented. Before installing or using it on real consent forms (especially those containing PHI/PII):

- Do not run this on documents containing real patient identifiers unless you have explicit authorization and have audited/extended the code to implement PHI detection and safe handling.
- The script does not parse PDFs, perform PHI/PII detection, or evaluate a compliance checklist despite SKILL.md claiming those capabilities — expect false negatives and incorrect compliance judgments.
- Treat outputs as draft-language suggestions only; have a qualified human (IRB/regulatory/legal specialist) review any simplified consent before use.
- If you plan to rely on this skill, request or implement: PDF parsing (e.g., pdfminer/pyPDF), explicit PHI detection/de-identification, a concrete checklist-based compliance verifier, unit tests, and logging that avoids exposing PHI.

Given the mismatch between promised behavior and actual code, proceed cautiously and prefer de-identified test data until the missing features are implemented and reviewed.


latest: vk97af5v58av842qbvgga9bjp8183wv74
