Prior Authorization Letter Drafter

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a local prior-authorization letter drafting tool, but users should protect patient data, review generated clinical claims, and avoid blindly installing the included dependency file.

This skill looks suitable for local drafting of prior authorization letters. Before using it with real patient data, verify the dependency file, choose secure input and output locations, and require human clinical review before any letter is submitted.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Generated files may contain protected health information or other sensitive patient details.

Why it was flagged

The script is designed to process patient identifiers, dates of birth, and clinical justification text, which are sensitive medical/insurance data.

Skill content

patient_name: str
patient_id: str
patient_dob: str
...
clinical_justification: str

Recommendation

Use only necessary patient information, store outputs in an appropriate secure location, and delete draft files when they are no longer needed.

What this means

If given the wrong output path, the script could place sensitive content in an unintended location or overwrite an existing file.

Why it was flagged

The tool reads from and writes to user-specified local paths. This is expected for a letter generator, but the chosen paths matter.

Skill content

parser.add_argument('--input', '-i', help='Path to JSON input file with patient and service details')
...
parser.add_argument('--output', '-o', default='prior_auth_letter.txt' ...)

Recommendation

Confirm input and output paths before running, and avoid writing drafts into shared or synced folders unless intended.

What this means

Blindly installing the requirements file could add packages that are not needed for the shown script.

Why it was flagged

The dependency list is unpinned and includes 'main', which is not justified by the visible implementation and could fetch an unnecessary third-party package if installed.

Skill content

dataclasses
main

Recommendation

Do not run package installation automatically; remove or verify unnecessary dependencies and pin any dependencies that are truly required.

What this means

A draft letter could include clinical or insurance-relevant statements that need verification before submission.

Why it was flagged

The generator adds a clinical assertion automatically, whether or not the input explicitly supports that exact statement.

Skill content

"Alternative treatments have been considered and are not appropriate for this patient due to the specific clinical circumstances outlined above."

Recommendation

Have a qualified clinician or authorized staff member review and edit the letter before sending it to an insurer.