v2.0.0

maccabi-pharm-search

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:54 AM.

Analysis

This appears to be a coherent medication stock lookup skill, with the main thing to notice being that medication and city searches are sent to Maccabi website APIs.

Guidance: This skill looks purpose-aligned and does not show credential use or system modification. Before installing, understand that medication searches and city-based stock checks are sent to Maccabi’s website APIs, and only set up recurring checks if you explicitly want ongoing automated queries.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Info | Confidence: High | Status: Note
SKILL.md
node {baseDir}/scripts/pharmacy-search.js search "nurofen" ... node {baseDir}/scripts/pharmacy-search.js stock 58299

The skill instructs the agent to run a local Node CLI that performs network lookups. This is disclosed and central to the skill’s purpose, with no evidenced destructive or broad system commands.

User impact: The agent can run the included lookup command to query pharmacy stock on the user’s behalf.
Recommendation: Review the requested medication and city before asking the agent to run searches, especially for prescription or sensitive medicines.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
README.md
You can also set up a cron job or scheduled reminder to check stock automatically ... "Check every morning at 8am and alert me when Nurofen Forte becomes available"

The documentation suggests user-requested recurring checks. The artifacts do not show automatic persistence by the skill itself, but scheduled background use would create ongoing activity.

User impact: If configured, the agent or system could repeatedly query medication availability on a schedule.
Recommendation: Only create recurring checks with a clear schedule, notification method, and stop condition, and remove the schedule when it is no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
scripts/pharmacy-search.js
catalog?largo=&name=${encodeURIComponent(query)}&category=&item_state= ... body: { City: cityCode, ... largo: String(largoCode) }

Medication search terms, Largo drug codes, and city codes are sent to Maccabi website API endpoints. This is expected for the stock-checking purpose, but it means health-related search intent leaves the local agent environment.

User impact: Maccabi’s website APIs may receive the medication name or drug code and city being checked.
Recommendation: Use the skill only for medication and city searches you are comfortable sending to Maccabi’s website infrastructure, and avoid sharing unnecessary personal details in prompts.