Skillv2.0.0

ClawScan security

Mentx Doctor 医疗助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 16, 2026, 2:02 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill mostly matches its stated medical-assistant purpose, but there are clear incoherences (missing declared credential, bundled script that uploads potentially sensitive images to an external API, and small metadata/version mismatches) that you should understand before installing.
Guidance: This skill appears to do what it says (send text/images to Mentx API and return a report) but has two important red flags: (1) the registry metadata fails to declare the required MENTX_API_KEY even though SKILL.md and scripts require it — confirm where that key comes from and whether you trust the developer and key handling; (2) the skill uploads medical images/reports (sensitive personal health information) to an external host (developer.mentx.com). Before installing, verify the vendor/domain and their privacy/retention policy, ensure you have user consent to transmit PHI, avoid putting a long-lived production API key in global shell startup files (use limited-scope or ephemeral keys), and consider testing with non-sensitive data first. If you cannot verify the service's identity and data handling, do not provide real patient data or your primary API key.

Review Dimensions

Purpose & Capability: concernThe SKILL.md and scripts clearly require an API key (MENTX_API_KEY) to call developer.mentx.com, but the registry metadata lists no required environment variables/primary credential. That mismatch is significant: a skill described as 'instruction-only' / no envs in registry in fact needs a secret to function. Also SKILL.md claims Version 1.0.0 while registry shows 2.0.0 — metadata inconsistencies reduce trust.
Instruction Scope: noteInstructions stay within the stated purpose (immediate empathic reply, then asynchronously upload text/images to Mentx API and poll for a report). However the runtime behavior involves uploading user-supplied medical images/reports (PHI) to https://developer.mentx.com, storing responses temporarily in /tmp, and running background curl jobs. Those are coherent with the purpose but have privacy and data-handling implications that are not addressed in the skill (no explicit consent, retention, or privacy policy text included).
Install Mechanism: noteThere is no install spec (instruction-only), which is low risk, but the repository includes an executable shell script (scripts/mentx-api.sh) that the agent will call at runtime. That means code will run on the host when invoked even though nothing is declared to be installed—this is expected but worth noting.
Credentials: concernThe skill requires an API key (MENTX_API_KEY) to contact the external Mentx API, which is appropriate for a third‑party service. The problem is the registry metadata did not declare this required credential. Requiring a secret without declaring it is an incoherence and a user-safety concern. No other unrelated credentials are requested.
Persistence & Privilege: okThe skill does not request always:true or other elevated platform privileges. It runs short-lived background tasks and writes temporary files to /tmp only. It does not modify other skills or system-wide agent settings.