Skillv1.0.10

ClawScan security

deepevidence循证医学AI助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 26, 2026, 8:59 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and SKILL.md are consistent with a DeepEvidence API client, but the registry metadata omits the required API key and there are minor privacy/packaging inconsistencies you should verify before use.
Guidance: This skill appears to be a legitimate DeepEvidence client, but verify a few things before installing: (1) the SKILL.md and scripts require DEEPEVIDENCE_API_KEY — the registry metadata incorrectly lists no required env vars, so do not assume no secrets are needed; (2) only provide non-PII values for optional user/contact fields (the code will send them to the service); (3) review the code yourself or test with non-sensitive queries to confirm the base URL (https://deepevid.medsci.cn/) is the intended endpoint; (4) ensure the API key you supply is from a trusted administrator and avoid committing it to source control; (5) remember this tool is not for emergency care — follow the emergency boundary instructions. If you need higher assurance, ask the publisher to fix the registry metadata and provide an audited release.

Review Dimensions

Purpose & Capability: noteThe skill's stated purpose (evidence-based clinical Q&A) matches the code and SKILL.md: it calls a DeepEvidence OpenAI-compatible API at the documented base URL and requires an API key. However, the registry metadata claims 'Required env vars: none' while SKILL.md and scripts/chat.py clearly require DEEPEVIDENCE_API_KEY (and optionally use DEEPEVIDENCE_USER_ID). This metadata mismatch is unexpected and should be resolved.
Instruction Scope: noteSKILL.md defines tight, clinical-focused instructions (response formatting, emergency boundary, do-not-log rules) and the bundled script implements the core chat workflow against the specified base_url. The instructions do not direct the agent to read unrelated system files or other credentials. Caveat: some policy items (e.g., 'must not log PII') are normative and rely on operator discipline; the code accepts optional user-provided metadata (user/contact_id/display_label) which could include PII if callers supply it.
Install Mechanism: okNo install spec or remote downloads are present (instruction-only distribution with a local Python script). The script depends on the standard 'openai' Python package; there are no obscure URLs, archives, or extract operations. Risk from install mechanism is low.
Credentials: concernRequesting DEEPEVIDENCE_API_KEY is proportionate to the stated purpose. The concern is the inconsistency: the top-level registry metadata lists no required env vars while SKILL.md and the script require an API key. The script also accepts optional DEEPEVIDENCE_USER_ID and arbitrary metadata fields (contact_id/display_label) that could carry PII if misused. Confirming the registry metadata and being careful with what you pass as user/contact identifiers is recommended.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills or system-wide settings. It prints responses and some metadata but does not persist credentials or install background services. Autonomous invocation is allowed by default (normal) and not combined here with other high-risk patterns.