Back to skill

Security audit

OpenClaw for Doctor

Security checks across malware telemetry and agentic risk

Overview

The clinical prompt is coherent, but the included server code can persist clinical task data and expose or send it through optional-auth APIs and callbacks if run.

Use the prompt-only clinical guidance only with clinician review. Do not run the included API service with real patient data unless you configure a required API token, restrict network exposure, disable or tightly allowlist outbound callbacks/webhooks, and set clear data retention/deletion controls.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.