Case Echo
PassAudited by ClawScan on May 10, 2026.
Overview
This is a small local parser for Chinese medical case text; the main caution is to pass the user text safely when invoking its shell script.
This skill appears safe for local structured extraction, but treat medical case text as sensitive and make sure the agent invokes the script with safe argument handling. You may also need bash and python3 installed even though the metadata does not declare them.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked carelessly, unusual characters in the case text could affect the shell command rather than being treated purely as text.
The primary workflow inserts user-provided case text into a shell command. This is expected for the skill, but agents should avoid unsafe string interpolation because shell metacharacters in the text could be interpreted if not passed safely.
bash scripts/run_case_echo.sh "<USER_CASE_TEXT>"
Invoke the script with safe argv/stdin handling or robust shell escaping, and avoid pasting untrusted text directly into a command string.
The skill may fail on systems without bash or python3 even though the registry does not list those requirements.
The runnable helper depends on bash and python3, while the registry requirements declare no required binaries. The dependency is visible and purpose-aligned, but the metadata is incomplete.
#!/usr/bin/env bash set -euo pipefail ... python3 "$SCRIPT_DIR/extract_case.py" --text "$1"
Declare bash/python3 runtime requirements in metadata, or document them clearly for users.