Skill v1.0.0
ClawScan security
Risk Management Expert (ISO 14971) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 3:21 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and instructions are coherent with an ISO 14971 risk‑management helper: included templates, guidance, and a local Python risk calculator align with the described purpose and it does not request extra credentials or installs.
- Guidance: This package appears coherent and implements ISO 14971 guidance with a benign local Python tool. Before installing or running: (1) verify the publisher/provenance (source/homepage are missing and _meta.json ownerId differs from the registry ownerId—this could mean it was repackaged), (2) review the included Python script yourself or run it in an isolated environment (it is a local CLI calculator and appears to make no network requests), (3) do not treat the content as a substitute for formal regulatory/legal review—have your compliance team validate templates and acceptance criteria, and (4) prefer skills from known/official sources when relying on them for regulatory work.
Review Dimensions
- Purpose & Capability: ok. The name, description, SKILL.md content, reference documents, and the provided Python risk_matrix_calculator.py all focus on ISO 14971 risk analysis (risk matrices, FMEA, RPN). Nothing in the bundle appears unrelated to medical device risk management. Note: the package source/homepage are missing and the _meta.json ownerId differs from the registry ownerId, which is a provenance inconsistency worth checking but does not imply functional mismatch.
- Instruction Scope: ok. SKILL.md provides workflows, templates, and decision frameworks and does not instruct the agent to read arbitrary system files, access hidden configuration, or send data to external endpoints. The runtime instructions stay within the risk‑management domain.
- Install Mechanism: ok. There is no install spec (instruction-only skill) and no downloads or extraction steps. A single Python script is included; its source is readable and contains only local calculations and CLI/interactive logic (no network calls or obfuscation).
- Credentials: ok. The skill requests no environment variables, no credentials, and no config paths. That is proportionate to the stated functionality (document templates and a local calculator).
- Persistence & Privilege: ok. always is false and the skill does not request elevated or persistent system privileges. disable-model-invocation is false (normal). The skill does not modify other skills or global agent config.
