v1.0.1

Health Recorts

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:19 AM.

Analysis

This is a coherent local health-record organizer, with the main caveat that it creates persistent files containing sensitive medical information and may use external OCR only if the user explicitly approves it.

Guidance

Before installing, decide where the health workspace should live, whether it may be cloud-synced, how long records should be retained, and whether any external OCR or API processing is acceptable. The artifacts are privacy-conscious and purpose-aligned, but the resulting files may contain highly sensitive medical information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Info | Confidence: High | Status: Note
references/workflow.md
Copy the original file into:
- `health/reports/` for PDFs
- `health/scans/` for images

The workflow includes local file copying and later creation or update of Markdown, CSV, JSON, dashboard, and history files.

User impact: The skill will modify the user’s local file environment by creating and updating a health-record folder structure.
Recommendation: Use a clearly chosen folder, review generated files, and keep backups if the records are important.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
maintain a durable system with raw files, readable notes, structured data, and summaries

The skill is designed to persist sensitive health records and extracted summaries for reuse over time.

User impact: The generated workspace may contain private medical reports, lab values, symptoms, prescriptions, and summaries that should be protected like other sensitive health records.
Recommendation: Store the workspace in a private location, avoid syncing it to untrusted services, and decide retention/deletion expectations before adding records.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Do not upload health files, screenshots, or extracted data to third-party OCR/API services unless the user explicitly approves it for this workflow.

The skill contemplates possible third-party OCR or API processing, but clearly sets local-only as the default and requires explicit user approval first.

User impact: If the user approves an external OCR or API service, sensitive health documents or extracted data could leave the local device.
Recommendation: Only approve external processing for trusted services and only for the specific files needed.