Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Nurse
v1.0.0Clinical support system for nurses and frontline healthcare workers. Trigger whenever a nurse needs help with documentation, patient communication, care plan...
⭐ 0· 290·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name, description, and SKILL.md all align: the skill is an instruction-only clinical documentation assistant that generates handovers, SOAP notes, care plans, and patient communications. It requests no unrelated binaries, env vars, or installs, so its declared surface is proportional to its stated purpose.
Instruction Scope
The SKILL.md explicitly instructs generation of clinical documentation and examples include patient identifiers (name, MRN, bed). There are no instructions about handling PHI, not transmitting data externally, verifying local protocols, or requiring human verification of clinical recommendations. For a clinical skill this broad, absence of privacy/safety/validation steps is a serious concern: it could encourage collection or output of identifiable patient data and unvetted clinical advice.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest install risk (nothing is written to disk or downloaded).
Credentials
The skill declares no required environment variables or credentials, which is proportionate given its purpose. However, because the instructions prompt inclusion of PHI and clinical recommendations, the lack of any declared requirements for secure storage, audit logging, or privacy controls is a notable omission (not an explicit mismatch, but a missing safeguard).
Persistence & Privilege
always:false and default autonomous invocation are normal. Because the skill can produce clinical output and may be given PHI in prompts, allowing the agent to invoke it autonomously increases blast radius — consider restricting autonomous invocation or requiring explicit user confirmation before use in production workflows.
What to consider before installing
This skill appears to do what it says (generate nurse handovers, notes, care plans), but it lacks important safety and privacy guardrails. Before installing or enabling it in an environment with real patients: 1) Do not feed real patient identifiers (names, MRNs, bed numbers) to the skill until you confirm secure handling and auditability. 2) Require human clinician review of any clinical recommendation or documentation produced; treat outputs as drafts. 3) If you plan to use it with PHI, ensure deployment and logging meet your jurisdiction's privacy rules (e.g., HIPAA), and prefer a secure, on‑premises or approved environment. 4) Consider changing defaults so the skill cannot be invoked autonomously for patient-facing or documentation tasks without explicit confirmation. 5) Test extensively with de‑identified examples and validate accuracy against local protocols; add explicit guardrails in SKILL.md for PHI handling, escalation rules, and versioned clinical validation. If you cannot add those safeguards or confirm compliance, treat the skill as high risk and avoid using it with real patient data.Like a lobster shell, security has layers — review code before you run it.
clinicalvk97d1ernhpsqdgsvr4vxxy7cg582hvzxdocumentationvk97d1ernhpsqdgsvr4vxxy7cg582hvzxhealthcarevk97d1ernhpsqdgsvr4vxxy7cg582hvzxlatestvk97d1ernhpsqdgsvr4vxxy7cg582hvzxmedicalvk97d1ernhpsqdgsvr4vxxy7cg582hvzxnursevk97d1ernhpsqdgsvr4vxxy7cg582hvzx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.