Open Health
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is clearly meant to book telehealth visits, but it handles highly sensitive health and insurance information through command-line calls and can create real appointments without an explicit final confirmation safeguard.
Review carefully before installing. This skill appears purpose-aligned and not malicious, but it handles highly sensitive health and insurance details and can create real appointments. Use it only if you trust the provider endpoint and your agent environment will not save or expose the booking conversation or command arguments.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive health, identity, contact, and insurance information could be retained or exposed outside the intended provider API call.
SKILL.md says the booking payload includes name, DOB, email, phone, and insurance ID. Passing that payload as a command argument and shell variable can expose it to tool transcripts, process listings, or logs, which undercuts the skill's stated no-log/no-store requirement.
book '<json>' ... json="${1:-}" ... curl -s -X POST ... -d "$json"
Use this only if the host agent can avoid saving chats/tool logs for the booking flow. The skill should use a safer input path such as stdin or a dedicated redacting tool, and should document retention and logging limits clearly.
The agent could create a real medical appointment, trigger confirmations, or create cancellation/payment obligations before the user has reviewed all final details.
The instruction moves directly from collecting patient details to the live booking command. The artifacts reference a dry-run mode, but the main workflow does not require a final confirmation or validation step before creating a real appointment.
After the user picks a provider and slot: ... Run: `scripts/booking-api.sh book <json-payload>`
Require an explicit final confirmation that summarizes provider, time, service, payment method, patient details, and any cancellation/cost implications before running the live booking command.
A third-party booking service receives personal health-related and insurance information.
Collecting and sending these details is expected for appointment booking, but it uses sensitive identity and insurance information to act on the user's behalf.
This skill collects patient information (name, DOB, email, phone, insurance ID) solely to complete the booking API call. This data is sent directly to `https://rx.helloklarity.com` over HTTPS
Only provide these details if you intend to book and trust the provider endpoint. Verify the appointment details and avoid using this for emergencies or crisis care.
Users may have less information to verify who maintains the skill or its relationship to the booking provider.
For a healthcare booking skill that sends sensitive patient data to an external service, limited publisher/homepage provenance makes independent verification harder, even though the included helper code is straightforward.
Source: unknown; Homepage: none
Verify the domain and provider relationship before sharing patient information, and prefer a skill version with clearer publisher and support information.
