ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Medical Record Structurer

v1.4.0

Medical record structuring and standardization tool. Converts doctor's oral or handwritten medical records into standardized electronic medical records (EMR)...

0· 409·1 current·1 all-time
byjoe@andyxcg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim (medical record structuring) aligns with the code (scripts/process_record.py, EMR schema references, demo, billing). Billing integration (skillpay.me) and optional OCR/STT keys are plausible. However registry metadata declared no required env vars while README/SKILL.md/refs instruct the use of SKILLPAY_API_KEY, SKILLPAY_SKILL_ID and optional OCR/STT keys — an inconsistency that reduces transparency.
!
Instruction Scope
SKILL.md/demo instruct running local scripts (demo.py, scripts/process_record.py). The documentation claims medical data is processed in-memory only and not stored, but schema and demo show original input included in output (metadata.source_text). The repo contains scripts that read/write trial state under ~/.openclaw/ and a daemon (auto-evolve-daemon.sh) plus self_evolve.py and an upload-to-clawhub.sh — instructions do not tell the user to run the daemon but its presence and the self-evolution/upload scripts broaden scope and could allow unexpected file/network activity if executed.
Install Mechanism
No install spec (instruction-only) — lower automatic risk. But multiple executable scripts and shell helpers are included (auto-evolve-daemon.sh, upload-to-clawhub.sh). Those scripts would write/modify files or run persistent loops if a user manually executes them. The codebase also contains heavy autogenerated/obfuscated portions (e.g., repeated imports) which suggest need for careful manual audit before execution.
!
Credentials
The package behavior legitimately uses SKILLPAY_API_KEY and SKILLPAY_SKILL_ID for billing and optional OCR/STT keys for features — those are proportionate to monetization and OCR/STT support. But the registry metadata lists no required env vars while many docs and code reference them. That mismatch is an information/permission transparency issue. Also PHI-related variables (PHI_ENCRYPTION_KEY, DATA_RETENTION_DAYS) are present in docs; requiring those would be reasonable but they are optional and not enforced in metadata.
!
Persistence & Privilege
always:false (good) and no automatic install, but the repository includes an auto-evolution daemon and a self_evolve.py that appear designed to repeatedly modify/run the skill (evolution-log.json corroborates repeated automatic updates). If the daemon/self-evolve are run (or invoked by an agent), the skill could persistently change behavior or fetch/execute new code. Combined with upload scripts, this increases the blast radius if run without code review.
What to consider before installing
This skill's core functionality (structuring medical text) is coherent with its docs, demo, and EMR schema, but there are multiple red flags you should address before installing or running it with real PHI: - Audit self-modifying/autoupdate code: The repo includes auto-evolve-daemon.sh and scripts/self_evolve.py plus an evolution log indicating automated version changes. Do NOT run these without a human code review; they can change the skill's code or behavior over time. - Inspect upload/remote scripts: There is an upload-to-clawhub.sh and payment/billing integration. Review any scripts that call external endpoints (skillpay.me or other hosts) to confirm what data is sent. The docs claim no PHI is stored or transmitted, but metadata.schema includes source_text (original input) and demo output returns structured_record including original content — that could leak PHI if sent to a remote service. - Credentials and env vars: Although registry metadata lists no required env vars, the README and SKILL.md expect SKILLPAY_API_KEY and SKILLPAY_SKILL_ID (and optional OCR/STT keys). Only provide API keys to this skill after auditing network calls and confirming the recipient endpoints. - Run in an isolated environment first: Test the demo in an isolated VM/container with no real PHI and with network disabled (or monitored) to observe outbound calls. Verify that no unexpected files are created outside ~/.openclaw/ and that trial files do not contain raw PHI. - Prefer reviewing full source: Several files are large/truncated in the package preview; inspect scripts/self_evolve.py, scripts/subscription.py, and upload-to-clawhub.sh fully to ensure they don't fetch/execute code from untrusted hosts or exfiltrate data. - If you need to use with real PHI: require a legal/privacy review and run under institutional controls (audit logging, encryption keys you control, network egress filtering). If you are not comfortable auditing the code, do not install it for processing real patient data. If you want, I can: (1) highlight specific lines or functions to inspect (e.g., network calls, subprocess.exec/use, file writes), or (2) attempt a deeper static review of the full scripts (provide contents of self_evolve.py, subscription.py, and upload-to-clawhub.sh) to give a more definitive recommendation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f9mtgxr3wy6m9pmwz9kfrp583ch6w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments