Skill v1.0.0
ClawScan security
Mental Health Booking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 12, 2026, 10:40 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (calls a Klarity booking API to arrange telehealth appointments) but has a few incoherent or risky elements you should understand before installing.
- Guidance: This skill appears to implement booking by calling https://rx.helloklarity.com and will ask users for sensitive personal and health information (name, DOB, email, phone, insurance IDs) and then POST that data to an external API. Before installing, consider: (1) Do you trust the external domain (rx.helloklarity.com)? Verify vendor identity and privacy/HIPAA handling. (2) The script accepts an undocumented BOOKING_API_URL environment override; ensure runtime environments cannot set this to a malicious endpoint (lock/whitelist or remove the override). (3) The SKILL.md claims multiple partner platforms but only Klarity is implemented; ask the author to clarify. (4) Ensure your agent/runtime will not log or persist PHI in telemetry or debug logs and that you have user consent to transmit sensitive data. (5) Prefer testing in 'dry-run' mode (book-dry) and review network traffic from a safe test account before using with real patient data. If you need help vetting the remote service or restricting BOOKING_API_URL, get a security/IT review first.
Review Dimensions
- Purpose & Capability
- ok: The skill's name/description align with the provided code and API reference: the script and docs call Klarity's booking endpoints to list services, search availability, and create bookings. No unrelated cloud credentials or unrelated binaries are requested.
- Instruction Scope
- concern: The runtime instructions collect sensitive personal and health information (name, DOB, email, phone, insurance IDs) and instruct the agent to POST that data to an external service (rx.helloklarity.com). That is expected for booking but is high-sensitivity (PHI). The SKILL.md also references multiple 'curated platforms' (Klarity, One Behavior, ABHolistic) but the included implementation and API reference only target Klarity, which is an inconsistency. The skill relies on a local script (scripts/booking-api.sh) and tells the agent to run it; the script in turn reads an environment variable (BOOKING_API_URL) that is not documented in the skill metadata, which is undocumented scope creep and a surprise for the installer.
- Install Mechanism
- ok: No install spec; instruction-only plus a small bash client. No remote downloads or package installs. The script uses standard tools (curl, python3) that are normally present; this is low installation risk.
- Credentials
- concern: The skill metadata declares no required env vars, but the script honors BOOKING_API_URL to override the base endpoint. That environment variable is not declared in requires.env or explained in the SKILL.md metadata. Allowing an undocumented override of the booking endpoint is a risk (malicious or accidental redirection of PHI). Other than that, no extraneous credentials are requested.
- Persistence & Privilege
- ok: always is false and the skill has no install-time persistence. It does instruct the agent not to store patient data, which is appropriate, but the platform cannot enforce that; the instruction itself is not a guarantee.
