Medical Entity Extractor

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is a coherent instruction-only extractor for medical messages, but users should notice that patient data may be processed by Claude despite local-processing wording.

This skill appears purpose-aligned and has no code or install-time behavior, but treat patient messages as sensitive. Before using it, confirm that sending content to the configured model provider is allowed for your use case, de-identify data where possible, and do not treat extracted entities as a clinical decision without human review.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Patient messages may contain health information or identifiers, so using an external LLM provider can have privacy, consent, and compliance implications.

Why it was flagged

The skill is intended to process patient messages and discloses that LLM processing may involve the Claude API, which is an external provider and data boundary.

Skill content

"No data is sent to external services (except Claude API for LLM processing)"

Recommendation

Use only with authorization for external LLM processing, consider de-identifying patient messages before use, and confirm the provider's data handling terms meet your requirements.

What this means

A user might overestimate how local or private the processing is unless they read the exception carefully.

Why it was flagged

The privacy section contains a local-processing claim that is softened by an external Claude API exception, which could confuse users about where sensitive medical text is processed.

Skill content

"All processing happens locally via OpenClaw" ... "except Claude API for LLM processing"

Recommendation

Clarify the privacy wording before deployment, explicitly stating that message content may be sent to the configured model provider when a remote model is used.