Skillv0.2.3

ClawScan security

Med Info · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 26, 2026, 4:43 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent with its stated purpose (label-backed medication lookups using public APIs), requires only python3, and does not request unrelated credentials or hidden endpoints; a couple small implementation notes are worth checking before use.
Guidance: This skill appears to implement what it claims: it queries public, authoritative APIs and produces label-backed medication summaries. Before installing or running it, consider the following: 1) It will create a local cache (default ~/.cache/med-info) and can be redirected with MED_INFO_CACHE_DIR — set or review this if you don’t want files in your home directory. 2) OPENFDA_API_KEY is optional (only needed for higher rate limits); no other secrets are required. 3) The code imports subprocess (common for utilities) but the visible code uses safe urllib requests and explicit escaping for openFDA queries; if you want extra assurance, grep the full scripts for subprocess.*Popen|call|run and shell=True or other exec patterns before running. 4) Avoid sending any PHI to the tool (SKILL.md warns this) and verify any high-stakes clinical decision against the original official label. If you need higher assurance, run the script in an isolated environment or container and review the full med_info.py file for any remaining unreviewed logic.
Findings: [virus_total_suspicious_flag_history] unexpected: findings.md mentions an earlier VirusTotal 'Suspicious' flag related to openFDA query injection; the code includes deliberate escaping (openfda_escape_value / openfda_qstr) and a comment explicitly addressing injection mitigation (version v0.2.1 onward). This history is relevant but the current code shows a mitigation.

Review Dimensions

Purpose & Capability: okName/description match the included code and docs: med_info.py queries RxNorm, openFDA, DailyMed/PubChem and returns label-backed summaries with identifiers and optional safety context. Required binaries (python3) and optional OPENFDA_API_KEY align with the declared capabilities; there are no unrelated credentials or surprising third-party services.
Instruction Scope: noteSKILL.md instructs running the included Python script with flags and warns not to include PHI; the runtime instructions and examples stay within the stated domain (label lookups, recalls, shortages, FAERS aggregates). The code shows explicit escaping of openFDA query values (mitigates query-injection risk). One minor mismatch: the script honors MED_INFO_CACHE_DIR to change the cache location, but SKILL.md does not document this environment variable; the tool also writes cache files by default (~/.cache/med-info).
Install Mechanism: okThere is no install spec and no external installer — the package is distributed as source scripts. No downloads from arbitrary URLs or archive extraction occur during install. Execution will fetch public API data at runtime and create a local cache directory (default in the user's home), which is expected behaviour for this tool.
Credentials: noteThe skill has no required credentials and only an optional OPENFDA_API_KEY to increase rate limits, which is proportional. As noted, it also reads MED_INFO_CACHE_DIR to override cache location (not declared in the SKILL.md's 'Requirements'), and prints/redacts URLs when asked. No other secret-like env vars are requested.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated platform privileges. It writes its own cache under the invoking user's home by default but does not alter other skills or system-wide agent settings.