Security audit
OpenClaw for Doctor
Security checks across malware telemetry and agentic risk
Overview
The clinical prompt is coherent, but the included server code can persist clinical task data and expose or send it through optional-auth APIs and callbacks if run.
Use the prompt-only clinical guidance only with clinician review. Do not run the included API service with real patient data unless you configure a required API token, restrict network exposure, disable or tightly allowlist outbound callbacks/webhooks, and set clear data retention/deletion controls.
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
