Clinical Tempo

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Clinical Tempo appears to be a disclosed context-and-debugging helper skill, with optional hooks and third-party plugin setup that users should review before enabling.

This skill looks safe for its stated purpose as a Clinical Tempo context helper. Before installing, decide whether you want the optional OpenClaw or Claude/Codex hooks to inject reminders automatically, and vet the separate Anyway plugin before installing it. Do not add secrets to CLAWHUB.md or prompt context.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the agent will repeatedly receive Clinical Tempo reminders during startup, including suggestions about files to read and notes to add.

Why it was flagged

The optional hook persists as an agent-bootstrap reminder once enabled. This is disclosed and limited to context injection, but it can shape every main agent session in that workspace.

Skill content

Fires on `agent:bootstrap` ... Pushes `CLINICAL_TEMPO_CONTEXT_REMINDER.md` into `bootstrapFiles` (virtual).

Recommendation

Enable the hook only for the intended Clinical Tempo workspace, review the injected reminder text, and disable it with `openclaw hooks disable clinicaltempo-clawhub` if it becomes unwanted.

What this means

Installing the optional plugin may add capabilities outside this skill’s reviewed code and trust boundary.

Why it was flagged

The skill recommends installing a separate, unpinned third-party OpenClaw plugin for extra capabilities. It is described as optional and separate from Clinical Tempo.

Skill content

openclaw plugins install @anyway-sh/anyway-openclaw

Recommendation

Install the Anyway plugin only if needed, verify its source and version, and review its permissions separately from this Clinical Tempo skill.

What this means

Incorrect or sensitive notes added to CLAWHUB.md could influence future agent behavior or expose information to collaborators.

Why it was flagged

The skill encourages durable troubleshooting notes in CLAWHUB.md, which future agents may read as trusted project context. The instruction includes a no-secrets warning.

Skill content

If you debugged MPP/402/8787: add a one-line Success or Failure to `CLAWHUB.md` (no secrets).

Recommendation

Review proposed CLAWHUB.md entries before committing them, keep them factual and non-secret, and treat repo memory as advisory rather than authoritative.