Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Prior Authorization Letter Drafter
v1.0.0
Generate professional prior authorization request letters for insurance companies with proper clinical justification and formatting.
by AIpoch (@aipoch-ai)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The scripts/main.py implements a plaintext prior authorization letter generator consistent with the stated purpose. However, SKILL.md and references claim DOCX/PDF output, python-docx/jinja2 dependencies, and a letter_template.docx that are not present in the package; those claimed capabilities are not implemented by the code.
Instruction Scope
SKILL.md instructs running the packaged Python script and validating inputs; the instructions do not ask for unrelated system data, environment variables, or network access. The runtime guidance is scoped to generating letters and validating inputs.
Install Mechanism
There is no install spec (instruction-only + packaged script), so nothing is downloaded at install time (low install risk). However, the repository contains contradictory dependency notes: references/requirements.txt says no external deps, SKILL.md mentions python-docx/jinja2, and root requirements.txt lists 'dataclasses' and an unknown 'main' package — these inconsistencies are suspicious but not an active install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code reads only a provided JSON input file and writes local output; no secret access or unrelated credentials are requested.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not attempt to modify other skills or global agent settings. It runs locally when invoked.
What to consider before installing
This package appears to be a simple, local prior-authorization letter generator (no network or credential access). However, before trusting it with real patient data you should:
1) Note the inconsistencies — SKILL.md claims DOCX/PDF output, templates, and python-docx/jinja2, but the code only writes plaintext and the named template file is missing.
2) Verify requirements.txt — the root file lists an unknown 'main' dependency and 'dataclasses' unnecessarily; this looks like a packaging error.
3) Manual review — inspect scripts/main.py (already included) and run python -m py_compile scripts/main.py, then run the script with test (non-PHI) data to confirm behavior.
4) Ensure HIPAA/privacy compliance — do not feed real PHI until you confirm the environment and storage meet your policies.
5) If you need DOCX/PDF output or carrier-specific templates, request the author to supply the missing template files and correct dependency declarations or modify the script locally.
These issues look like sloppy packaging rather than malicious intent, but fix the discrepancies or run in an isolated environment before using with sensitive data.
Like a lobster shell, security has layers — review code before you run it.
latestvk97bc3sgek3005g04t46p6745d83zz5x
