Skillv1.0.0

ClawScan security

Nurse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 8, 2026, 4:19 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose (clinical documentation help) but it lacks privacy, safety, and validation guardrails — it can prompt inclusion of patient identifiers and clinical recommendations without controls, which is concerning for a high‑risk domain.
Guidance: This skill appears to do what it says (generate nurse handovers, notes, care plans), but it lacks important safety and privacy guardrails. Before installing or enabling it in an environment with real patients: 1) Do not feed real patient identifiers (names, MRNs, bed numbers) to the skill until you confirm secure handling and auditability. 2) Require human clinician review of any clinical recommendation or documentation produced; treat outputs as drafts. 3) If you plan to use it with PHI, ensure deployment and logging meet your jurisdiction's privacy rules (e.g., HIPAA), and prefer a secure, on‑premises or approved environment. 4) Consider changing defaults so the skill cannot be invoked autonomously for patient-facing or documentation tasks without explicit confirmation. 5) Test extensively with de‑identified examples and validate accuracy against local protocols; add explicit guardrails in SKILL.md for PHI handling, escalation rules, and versioned clinical validation. If you cannot add those safeguards or confirm compliance, treat the skill as high risk and avoid using it with real patient data.

Review Dimensions

Purpose & Capability: okThe name, description, and SKILL.md all align: the skill is an instruction-only clinical documentation assistant that generates handovers, SOAP notes, care plans, and patient communications. It requests no unrelated binaries, env vars, or installs, so its declared surface is proportional to its stated purpose.
Instruction Scope: concernThe SKILL.md explicitly instructs generation of clinical documentation and examples include patient identifiers (name, MRN, bed). There are no instructions about handling PHI, not transmitting data externally, verifying local protocols, or requiring human verification of clinical recommendations. For a clinical skill this broad, absence of privacy/safety/validation steps is a serious concern: it could encourage collection or output of identifiable patient data and unvetted clinical advice.
Install Mechanism: okInstruction-only skill with no install spec and no code files. This is the lowest install risk (nothing is written to disk or downloaded).
Credentials: noteThe skill declares no required environment variables or credentials, which is proportionate given its purpose. However, because the instructions prompt inclusion of PHI and clinical recommendations, the lack of any declared requirements for secure storage, audit logging, or privacy controls is a notable omission (not an explicit mismatch, but a missing safeguard).
Persistence & Privilege: notealways:false and default autonomous invocation are normal. Because the skill can produce clinical output and may be given PHI in prompts, allowing the agent to invoke it autonomously increases blast radius — consider restricting autonomous invocation or requiring explicit user confirmation before use in production workflows.