MedPilot
Security checks across malware telemetry and agentic risk
Overview
MedPilot is a coherent local single-patient health-tracking skill, but it handles sensitive medical data and assumes use of a trusted local MedPilot CLI/API.
This skill appears purpose-aligned and locally scoped. Before using it, make sure the local MedPilot CLI/API is trusted, keep any MedPilot token private, and confirm medication or health-record writes before the agent runs them.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your medication orders, intake history, and health readings may be entered into local records and reports.
The skill asks the agent to collect and use private health details for tracking, reminders, alerts, and reports, so any stored or reused MedPilot state should be treated as sensitive.
- patient identity for this local instance
- doctor order text
- medication intake updates
- home metrics such as blood pressure or glucose
Use the skill only with a trusted local deployment, understand where local data is stored, and avoid entering unrelated medical details.
A mistaken command could record the wrong medication, time, or patient state.
The quickstart documents API calls that can write medication intake records. This is aligned with the skill purpose, but incorrect parameters could create inaccurate health logs.
curl -X POST http://localhost:3456/api/intakes -H 'Content-Type: application/json' -H 'X-MedPilot-Token: <token>'
Have the agent summarize patient IDs, medication IDs, and record changes before writing them, especially for intake or skipped-dose logs.
If the token is exposed or used against the wrong local instance, someone or something could access or change health records.
The local API examples use an authorization token. That is expected for an API workflow, but the token grants access to the local MedPilot instance and should be handled as a credential.
-H 'X-MedPilot-Token: <token>'
Keep the MedPilot token private, provide it only when needed, and rotate or revoke it if it is pasted into an untrusted place.
Running the command from an untrusted directory could execute unrelated npm scripts or operate on an unintended local project.
The skill package is instruction-only, but its examples rely on a separate local npm project or CLI. The safety of that external local project is not established by these artifacts.
npm run dev -- ingest-order --patient <patient-id> --text
Run the CLI examples only inside a trusted MedPilot project and review the local package scripts before use.
